Fix latest issues

Author: habarthierry-hue

Directory.Build.props

@@ -1,6 +1,6 @@
 <Project>
     <PropertyGroup>
-        <VersionPrefix>5.0.3</VersionPrefix>
+        <VersionPrefix>5.0.4-rc1</VersionPrefix>
         <Authors>SimpleIdServer</Authors>
         <Owners>SimpleIdServer</Owners>
     </PropertyGroup>

src/IdServer/SimpleIdServer.IdServer.Startup/Resources/LayoutResource.Designer.cs

@@ -156,6 +156,9 @@
   <data name="selected_language" xml:space="preserve">
     <value>Language is {0}</value>
   </data>
+  <data name="Sessions" xml:space="preserve">
+    <value>Sessions</value>
+  </data>
   <data name="UnexpectedError" xml:space="preserve">
     <value>Unexpected error</value>
   </data>

src/IdServer/SimpleIdServer.IdServer.Startup/Resources/LayoutResource.resx

@@ -75,7 +75,7 @@
                     @AuthenticatePasswordResource.maximum_number_active_sessions
                 </p>
                 <p>
-                    @AuthenticatePasswordResource.reject_sessions : <a href="@Url.Action("Index", "Accounts", new { area = "" })">@AuthenticatePasswordResource.sessions</a>
+                    @AuthenticatePasswordResource.reject_sessions : <a href="@Url.Action("Index", "Sessions", new { area = "" })">@AuthenticatePasswordResource.sessions</a>
                 </p>
             </div>
         }

src/IdServer/SimpleIdServer.IdServer.Startup/Views/Shared/_AuthenticateLayout.cshtml

@@ -1,7 +1,9 @@
 @addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers
+@using SimpleIdServer.IdServer.Options
 @using SimpleIdServer.IdServer.Startup.Resources
 @using Microsoft.Extensions.Options
 @using System.Globalization
+@inject IOptions<IdServerHostOptions> options
 
 @inject IOptions<SimpleIdServer.IdServer.Options.IdServerHostOptions> Options
 
@@ -38,6 +40,15 @@
                         </a>
                     </li>
                 }
+
+                @if (options.Value.UseRealm)
+                {
+                    <li class="nav-item">
+                        <a class="nav-link" href="@Url.Action("Index", "Sessions", new { prefix = string.Empty })">
+                            @LayoutResource.Sessions
+                        </a>
+                    </li>
+                }
                 @RenderSection("SubMenu", required: false)
             </ul>
             <ul class="navbar-nav">

src/IdServer/SimpleIdServer.IdServer.Startup/Views/Shared/_Layout.cshtml

@@ -60,10 +60,10 @@ private static class AuthenticateResults
         /// <param name="encoder">The <see cref="UrlEncoder"/>.</param>
         /// <param name="clock">The <see cref="ISystemClock"/>.</param>
         public IdServerCookieAuthenticationHandler(
-            IUserSessionResitory userSessionResitory, 
+            IUserSessionResitory userSessionResitory,
             IOptions<IdServerHostOptions> idServerHostOptions,
             IRealmStore realmStore,
-            IOptionsMonitor<CookieAuthenticationOptions> options, 
+            IOptionsMonitor<CookieAuthenticationOptions> options,
             ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
             : base(options, logger, encoder, clock)
         {
@@ -220,7 +220,7 @@ private async Task<AuthenticateResult> ReadCookieTicket()
                 sessionId = Options.CookieManager.GetRequestCookie(Context, sessionCookieName);
             }
 
-            if(!string.IsNullOrWhiteSpace(sessionId))
+            if (!string.IsNullOrWhiteSpace(sessionId))
             {
                 var realm = _realmStore.Realm;
                 realm = realm ?? Constants.DefaultRealm;
@@ -243,7 +243,7 @@ private async Task<AuthenticateResult> ReadCookieTicket()
                         Context,
                         GetCookieName()!,
                         context.CookieOptions);
-                    if(!string.IsNullOrWhiteSpace(sessionCookieName)) Options.CookieManager.DeleteCookie(Context, sessionCookieName, context.CookieOptions);
+                    if (!string.IsNullOrWhiteSpace(sessionCookieName)) Options.CookieManager.DeleteCookie(Context, sessionCookieName, context.CookieOptions);
                     return AuthenticateResults.ExpiredTicket;
                 }
             }
@@ -436,9 +436,13 @@ protected override async Task HandleSignInAsync(ClaimsPrincipal user, Authentica
         protected override async Task HandleSignOutAsync(AuthenticationProperties properties)
         {
             properties = properties ?? new AuthenticationProperties();
+            var realm = _realmStore.Realm;
+            if (properties.Items?.ContainsKey(Constants.RealmKey) == true)
+            {
+                realm = properties.Items[Constants.RealmKey];
+            }
 
             _signOutCalled = true;
-
             // Process the request cookie to initialize members like _sessionKey.
             await EnsureCookieTicket();
             var cookieOptions = BuildCookieOptions();
@@ -458,7 +462,7 @@ protected override async Task HandleSignOutAsync(AuthenticationProperties proper
 
             Options.CookieManager.DeleteCookie(
                 Context,
-                GetCookieName()!,
+                GetCookieName(realm, Options.Cookie.Name)!,
                 context.CookieOptions);
 
             // Only honor the ReturnUrl query string parameter on the logout path
@@ -562,4 +566,4 @@ public static string GetCookieName(string realm, string cookieName)
             return $"{cookieName}.{realm}";
         }
     }
-}
+}

src/IdServer/SimpleIdServer.IdServer/Auth/IdServerCookieAuthenticationHandler.cs

@@ -15,6 +15,7 @@ namespace SimpleIdServer.IdServer
     public static class Constants
     {
         public const string LogoutUserKey = "otherUser";
+        public const string RealmKey = "realm";
 
         public static class JWKUsages
         {

src/IdServer/SimpleIdServer.IdServer/Constants.cs

@@ -0,0 +1,25 @@
+// Copyright (c) SimpleIdServer. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Routing;
+using System;
+
+namespace SimpleIdServer.IdServer.Infastructures;
+
+public class NotEqualConstraint : IRouteConstraint
+{
+    private readonly string _excludedValue;
+
+    public NotEqualConstraint(string excludedValue)
+    {
+        _excludedValue = excludedValue;
+    }
+
+    public bool Match(HttpContext httpContext, IRouter route, string routeKey,
+        RouteValueDictionary values, RouteDirection routeDirection)
+    {
+        return !string.Equals(values[routeKey]?.ToString(),
+            _excludedValue,
+            StringComparison.OrdinalIgnoreCase);
+    }
+}

src/IdServer/SimpleIdServer.IdServer/Infastructures/NotEqualConstraint.cs

@@ -145,10 +145,12 @@ public static IdServerStoreChooser AddSIDIdentityServer(
                         if (!string.IsNullOrWhiteSpace(nameIdentifier))
                         {
                             var realmStore = ctx.HttpContext.RequestServices.GetRequiredService<IRealmStore>();
+                            var realm = realmStore.Realm;
+                            if (ctx.Properties != null && ctx.Properties.Items.ContainsKey(Constants.RealmKey)) realm = ctx.Properties.Items[Constants.RealmKey];
                             ctx.Options.CookieManager.DeleteCookie(
-                                    ctx.HttpContext,
-                                    $"{IdServerCookieAuthenticationHandler.GetCookieName(realmStore.Realm, ctx.Options.Cookie.Name)}-{nameIdentifier.SanitizeNameIdentifier()}",
-                                    ctx.CookieOptions);
+                               ctx.HttpContext,
+                                $"{IdServerCookieAuthenticationHandler.GetCookieName(realm, ctx.Options.Cookie.Name)}-{nameIdentifier.SanitizeNameIdentifier()}",
+                               ctx.CookieOptions);
                         }
 
                         return Task.CompletedTask;

src/IdServer/SimpleIdServer.IdServer/ServiceCollectionExtensions.cs

@@ -109,7 +109,7 @@ public async Task<IActionResult> EndSession([FromRoute] string prefix, Cancellat
             var state = jObjBody.GetStateFromRpInitiatedLogoutRequest();
             try
             {
-                var subject = User.Claims.First(c => c.Type == ClaimTypes.NameIdentifier).Value;
+                var subject = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier)?.Value;
                 if (string.IsNullOrWhiteSpace(postLogoutRedirectUri))
                 {
                     Response.Cookies.Delete(_options.GetSessionCookieName(_realmStore.Realm, subject));