Ticket #851 : Create a library to import data from the openiddict storage

Author: habarthierry-hue

SimpleIdServer.IdServer.Host.sln

@@ -173,6 +173,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SimpleIdServer.IdServer.Mig
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SimpleIdServer.IdServer.Migrations", "src\IdServer\SimpleIdServer.IdServer.Migrations\SimpleIdServer.IdServer.Migrations.csproj", "{1C89FFB2-6054-73EC-8DFE-B97CC1C7B55B}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SimpleIdServer.IdServer.Migrations.Openiddict", "src\IdServer\SimpleIdServer.IdServer.Migrations.Openiddict\SimpleIdServer.IdServer.Migrations.Openiddict.csproj", "{7BABE6E4-5F4B-7A0D-9FF2-FA97AA9BE01D}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -447,6 +449,10 @@ Global
 		{1C89FFB2-6054-73EC-8DFE-B97CC1C7B55B}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{1C89FFB2-6054-73EC-8DFE-B97CC1C7B55B}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{1C89FFB2-6054-73EC-8DFE-B97CC1C7B55B}.Release|Any CPU.Build.0 = Release|Any CPU
+		{7BABE6E4-5F4B-7A0D-9FF2-FA97AA9BE01D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{7BABE6E4-5F4B-7A0D-9FF2-FA97AA9BE01D}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{7BABE6E4-5F4B-7A0D-9FF2-FA97AA9BE01D}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{7BABE6E4-5F4B-7A0D-9FF2-FA97AA9BE01D}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -533,6 +539,7 @@ Global
 		{E3ED0DEE-B9BE-4A44-918E-78AF07F8CC13} = {4796A22B-91A9-42AF-87CA-F69392696B0A}
 		{A6C36FE3-F338-477B-E160-360D44D30D43} = {E3ED0DEE-B9BE-4A44-918E-78AF07F8CC13}
 		{1C89FFB2-6054-73EC-8DFE-B97CC1C7B55B} = {E3ED0DEE-B9BE-4A44-918E-78AF07F8CC13}
+		{7BABE6E4-5F4B-7A0D-9FF2-FA97AA9BE01D} = {E3ED0DEE-B9BE-4A44-918E-78AF07F8CC13}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {1FE1E2C8-475E-4592-8609-D331B1D01730}

default.ps1

@@ -245,6 +245,9 @@ task pack -depends release, compile, buildTemplate {
 	exec { dotnet pack $source_dir\IdServer\SimpleIdServer.IdServer.IntegrationEvents\SimpleIdServer.IdServer.IntegrationEvents.csproj -c $config --output $result_dir }
 	exec { dotnet pack $source_dir\IdServer\SimpleIdServer.IdServer.OpenTelemetry\SimpleIdServer.IdServer.OpenTelemetry.csproj -c $config --output $result_dir }
 	exec { dotnet pack $source_dir\IdServer\SimpleIdServer.IdServer.Website.OpenTelemetry\SimpleIdServer.IdServer.Website.OpenTelemetry.csproj -c $config --output $result_dir }
+	exec { dotnet pack $source_dir\IdServer\SimpleIdServer.IdServer.Migrations\SimpleIdServer.IdServer.Migrations.csproj -c $config --output $result_dir }
+	exec { dotnet pack $source_dir\IdServer\SimpleIdServer.IdServer.Migrations.Duende\SimpleIdServer.IdServer.Migrations.Duende.csproj -c $config --output $result_dir }
+	exec { dotnet pack $source_dir\IdServer\SimpleIdServer.IdServer.Migrations.Openiddict\SimpleIdServer.IdServer.Migrations.Openiddict.csproj -c $config --output $result_dir }
 
 	exec { dotnet pack $source_dir\Scim\SimpleIdServer.Scim\SimpleIdServer.Scim.csproj -c $config --output $result_dir }
 	exec { dotnet pack $source_dir\Scim\SimpleIdServer.Scim.Domains\SimpleIdServer.Scim.Domains.csproj -c $config --output $result_dir }

src/IdServer/SimpleIdServer.IdServer.Domains/ClientSecret.cs

@@ -105,7 +105,13 @@ public static ClientSecret Resolve(string str)
             {
                 alg = _mappingAlgToSize.Single(kvp => kvp.Value == size).Key;
             }
-
+            else
+            {
+                if (payload[0] == 0x01)
+                {
+                    alg = HashAlgs.PBKDF2;
+                }
+            }
         }
 
         return new ClientSecret
@@ -146,5 +152,6 @@ public enum HashAlgs
     SHA1 = 2,
     SHA256 = 3,
     SHA384 = 4,
-    SHA512 = 5
+    SHA512 = 5,
+    PBKDF2 = 6
 }

src/IdServer/SimpleIdServer.IdServer.Domains/SimpleIdServer.IdServer.Domains.csproj

@@ -6,8 +6,8 @@
 		<Description>Domains of the Identity Server project.</Description>
 	</PropertyGroup>
 	<ItemGroup>
-		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.1.2" />
-		<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.1.2" />
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.10.0" />
+		<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.10.0" />
 		<PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
 	</ItemGroup>
 	<ItemGroup>

src/IdServer/SimpleIdServer.IdServer.Migrations.Duende/ApplicationDbContext.cs

@@ -5,7 +5,7 @@
 
 namespace SimpleIdServer.IdServer.Migrations.Duende;
 
-public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
+public class ApplicationDbContext : IdentityDbContext<ApplicationUser>, IApplicationDbContext
 {
     public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
         : base(options)

src/IdServer/SimpleIdServer.IdServer.Migrations.Duende/DuendeMigrationService.cs

@@ -1,7 +1,6 @@
 // Copyright (c) SimpleIdServer. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
 using Duende.IdentityServer.EntityFramework.DbContexts;
-using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.IdentityModel.Tokens;
 using SimpleIdServer.IdServer.Api.Authorization.ResponseTypes;
@@ -10,7 +9,6 @@
 using SimpleIdServer.IdServer.Config;
 using SimpleIdServer.IdServer.Domains;
 using SimpleIdServer.IdServer.Stores;
-using System.IdentityModel.Tokens.Jwt;
 using DPoPTokenExpirationValidationMode = Duende.IdentityServer.Models.DPoPTokenExpirationValidationMode;
 using DuendeAccessTokenType = Duende.IdentityServer.Models.AccessTokenType;
 using DuendeApiResource = Duende.IdentityServer.EntityFramework.Entities.ApiResource;
@@ -19,29 +17,28 @@
 using DuendeIdentityResource = Duende.IdentityServer.EntityFramework.Entities.IdentityResource;
 namespace SimpleIdServer.IdServer.Migrations.Duende;
 
-public class DuendeMigrationService : IMigrationService
+public class DuendeMigrationService : BaseMicrosoftIdentityMigrationService
 {    
-    public string Name => Constants.Name;
     private readonly ConfigurationDbContext _configurationDbcontext;
-    private readonly ApplicationDbContext _applicationDbcontext;
     private readonly IScopeRepository _scopeRepository;
 
     public DuendeMigrationService(
         ConfigurationDbContext configurationDbcontext,
         ApplicationDbContext applicationDbcontext,
-        IScopeRepository scopeRepository)
+        IScopeRepository scopeRepository) : base(applicationDbcontext)
     {
         _configurationDbcontext = configurationDbcontext;
-        _applicationDbcontext = applicationDbcontext;
         _scopeRepository = scopeRepository;
     }
 
-    public Task<int> NbApiScopes(CancellationToken cancellationToken)
+    public override string Name => Constants.Name;
+
+    public override Task<int> NbApiScopes(CancellationToken cancellationToken)
     {
         return _configurationDbcontext.ApiScopes.CountAsync(cancellationToken);
     }
 
-    public async Task<List<Scope>> ExtractApiScopes(ExtractParameter parameter, CancellationToken cancellationToken)
+    public override async Task<List<Scope>> ExtractApiScopes(ExtractParameter parameter, CancellationToken cancellationToken)
     {
         var scopes = await _configurationDbcontext.ApiScopes
             .Include(c => c.UserClaims)
@@ -51,12 +48,12 @@ public async Task<List<Scope>> ExtractApiScopes(ExtractParameter parameter, Canc
         return scopes.Select(Map).ToList();
     }
 
-    public Task<int> NbIdentityScopes(CancellationToken cancellationToken)
+    public override Task<int> NbIdentityScopes(CancellationToken cancellationToken)
     {
         return _configurationDbcontext.IdentityResources.CountAsync(cancellationToken);
     }
 
-    public async Task<List<Scope>> ExtractIdentityScopes(ExtractParameter parameter, CancellationToken cancellationToken)
+    public override async Task<List<Scope>> ExtractIdentityScopes(ExtractParameter parameter, CancellationToken cancellationToken)
     {
         var scopes = await _configurationDbcontext.IdentityResources
             .Include(c => c.UserClaims)
@@ -66,12 +63,12 @@ public async Task<List<Scope>> ExtractIdentityScopes(ExtractParameter parameter,
         return scopes.Select(Map).ToList();
     }
 
-    public Task<int> NbApiResources(CancellationToken cancellationToken)
+    public override Task<int> NbApiResources(CancellationToken cancellationToken)
     {
         return _configurationDbcontext.ApiResources.CountAsync(cancellationToken);
     }
 
-    public async Task<List<ApiResource>> ExtractApiResources(ExtractParameter parameter, CancellationToken cancellationToken)
+    public override async Task<List<ApiResource>> ExtractApiResources(ExtractParameter parameter, CancellationToken cancellationToken)
     {
         var apiResources = await _configurationDbcontext.ApiResources
             .Include(c => c.UserClaims)
@@ -88,12 +85,12 @@ public async Task<List<ApiResource>> ExtractApiResources(ExtractParameter parame
         }).ToList();
     }
 
-    public Task<int> NbClients(CancellationToken cancellationToken)
+    public override Task<int> NbClients(CancellationToken cancellationToken)
     {
         return _configurationDbcontext.Clients.CountAsync(cancellationToken);
     }
 
-    public async Task<List<Client>> ExtractClients(ExtractParameter parameter, CancellationToken cancellationToken)
+    public override async Task<List<Client>> ExtractClients(ExtractParameter parameter, CancellationToken cancellationToken)
     {
         var clients = await _configurationDbcontext.Clients
             .Include(c => c.RedirectUris)
@@ -105,49 +102,16 @@ public async Task<List<Client>> ExtractClients(ExtractParameter parameter, Cance
             .AsNoTracking()
             .ToListAsync();
         var allScopeNames = clients.SelectMany(c => c.AllowedScopes.Select(s => s.Scope)).Distinct().ToList();
+        allScopeNames.Add(DefaultScopes.OpenIdScope.Name);
         var allScopes = await _scopeRepository.GetByNames(allScopeNames, cancellationToken);
         return clients.Select(c =>
         {
-            var filteredScopes = allScopes.Where(s => c.AllowedScopes.All(cs => cs.Scope == s.Name)).ToList();
+            var clientType = ResolveClientType(c);
+            var filteredScopes = allScopes.Where(s => c.AllowedScopes.All(cs => cs.Scope == s.Name) || (s.Name == DefaultScopes.OpenIdScope.Name && clientType != ClientTypes.MACHINE)).ToList();
             return Map(c, filteredScopes);
         }).ToList();
     }
 
-    public Task<int> NbGroups(CancellationToken cancellationToken)
-    {
-        return _applicationDbcontext.Roles.CountAsync(cancellationToken);
-    }
-
-    public async Task<List<Group>> ExtractGroups(ExtractParameter parameter, CancellationToken cancellationToken)
-    {
-        var allGroups = await _applicationDbcontext.Roles.Skip(parameter.StartIndex).Take(parameter.Count).ToListAsync(cancellationToken);
-        return allGroups.Select(Map).ToList();
-    }
-
-    public Task<int> NbUsers(CancellationToken cancellationToken)
-    {
-        return _applicationDbcontext.Users.CountAsync(cancellationToken);
-    }
-
-    public async Task<List<User>> ExtractUsers(ExtractParameter parameter, CancellationToken cancellationToken)
-    {
-        var users = await _applicationDbcontext.Users.Skip(parameter.StartIndex).Take(parameter.Count).ToListAsync(cancellationToken);
-        var allUserIds = users.Select(u => u.Id).ToList();
-        var allUserClaims = await _applicationDbcontext.UserClaims.Where(c => allUserIds.Contains(c.UserId)).ToListAsync(cancellationToken);
-        var allUserRoles = await _applicationDbcontext.UserRoles.Where(c => allUserIds.Contains(c.UserId)).ToListAsync(cancellationToken);
-        var allUserRoleIds = allUserRoles.Select(ur => ur.RoleId).Distinct().ToList();
-        var extractedUsers = new List<User>();
-        foreach (var user in users)
-        {
-            var userClaims = allUserClaims.Where(c => c.UserId == user.Id).Select(Map).ToList();
-            var userRoles = allUserRoles.Where(ur => ur.UserId == user.Id).Select(ur => ur.RoleId).ToList();
-            var extractedUser = Map(user, userClaims, userRoles);
-            extractedUsers.Add(extractedUser);
-        }
-
-        return extractedUsers;
-    }
-
     private static Scope Map(DuendeApiScope scope)
     {
         var lst = DefaultClaimMappers.All;
@@ -274,29 +238,6 @@ private static Client Map(DuendeClient client, List<Scope> scopes)
         result.UpdateClientName(client.ClientName, IdServer.Constants.DefaultLanguage);
         result.UpdateClientUri(client.ClientUri, IdServer.Constants.DefaultLanguage);
         result.UpdateLogoUri(client.LogoUri, IdServer.Constants.DefaultLanguage);
-        /*
-        AllowPlainTextPkce
-        EnableLocalLogin
-        RequireRequestObject
-        AllowedIdentityTokenSigningAlgorithms
-        AccessTokenLifetime
-        AllowOfflineAccess
-        AllowAccessTokensViaBrowser
-        Enabled
-        ProtocolType
-        RequireClientSecret
-        Description
-        AllowRememberConsent
-        AlwaysIncludeUserClaimsInIdToken
-        IdentityProviderRestrictions
-        IncludeJwtId
-        Claims
-        AlwaysSendClientClaims
-        ClientClaimsPrefix
-        ClientCorsOrigin
-        ClientProperty
-        UserCodeType
-        */
         return result;
     }
 
@@ -367,88 +308,6 @@ private static List<ClientSecret> ResolveClientSecrets(DuendeClient client)
         }).ToList();
     }
 
-    private static UserClaim Map(IdentityUserClaim<string> userClaim)
-    {
-        return new UserClaim
-        {
-            Id = Guid.NewGuid().ToString(),
-            Name = userClaim.ClaimType,
-            Value = userClaim.ClaimValue,
-            UserId = userClaim.UserId
-        };
-    }
-
-    private static Group Map(IdentityRole identityRole)
-    {
-        return new Group
-        {
-            Id = identityRole.Id,
-            Name = identityRole.Name,
-            Source = Constants.Name,
-            FullPath = identityRole.Name,
-            Description = identityRole.NormalizedName,
-            CreateDateTime = DateTime.UtcNow,
-            UpdateDateTime = DateTime.UtcNow
-        };
-    }
-
-    private static User Map(ApplicationUser applicationUser, List<UserClaim> userClaims, List<string> groupIds)
-    {
-        var result = new User
-        {
-            Id = applicationUser.Id,
-            Source = Constants.Name,
-            Name = applicationUser.UserName,
-            Email = applicationUser.Email,
-            UnblockDateTime = applicationUser.LockoutEnd == null ? null : applicationUser.LockoutEnd.Value.UtcDateTime,
-            NbLoginAttempt = applicationUser.AccessFailedCount,
-            EmailVerified = applicationUser.EmailConfirmed,
-            Credentials = new List<UserCredential>
-            {
-                new UserCredential
-                {
-                    Id = Guid.NewGuid().ToString(),
-                    Value = applicationUser.PasswordHash,
-                    CredentialType = UserCredential.PWD,
-                    IsActive = true,
-                    HashAlg = PasswordHashAlgs.Microsoft
-                }
-            },
-            CreateDateTime = DateTime.UtcNow,
-            UpdateDateTime = DateTime.UtcNow
-        };
-        result.Status = result.IsBlocked() ? UserStatus.BLOCKED : UserStatus.ACTIVATED;
-        var claims = new List<UserClaim>();
-        var filteredClaims = userClaims.Where(c => c.UserId == applicationUser.Id);
-        claims.AddRange(filteredClaims);
-        if (!string.IsNullOrWhiteSpace(applicationUser.PhoneNumber) && !claims.Any(c => c.Type == JwtRegisteredClaimNames.PhoneNumber))
-        {
-            claims.Add(new UserClaim
-            {
-                Id = Guid.NewGuid().ToString(),
-                Name = JwtRegisteredClaimNames.PhoneNumber,
-                Value = applicationUser.PhoneNumber
-            });
-        }
-
-        if (!claims.Any(c => c.Type == JwtRegisteredClaimNames.PhoneNumberVerified))
-        {
-            claims.Add(new UserClaim
-            {
-                Id = Guid.NewGuid().ToString(),
-                Name = JwtRegisteredClaimNames.PhoneNumberVerified,
-                Value = applicationUser.PhoneNumberConfirmed.ToString().ToLowerInvariant()
-            });
-        }
-
-        result.OAuthUserClaims = claims;
-        result.Groups = groupIds.Select(groupId => new GroupUser
-        {
-            GroupsId = groupId
-        }).ToList();
-        return result;
-    }
-
     private static ClientTypes ResolveClientType(DuendeClient client)
     {
         var grantTypes = client.AllowedGrantTypes.Select(g => g.GrantType).ToList();

src/IdServer/SimpleIdServer.IdServer.Migrations.Openiddict/ApplicationDbContext.cs

@@ -0,0 +1,19 @@
+// Copyright (c) SimpleIdServer. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore;
+
+namespace SimpleIdServer.IdServer.Migrations.Openiddict;
+
+public class ApplicationDbContext : IdentityDbContext<ApplicationUser>, IApplicationDbContext
+{
+    public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
+        : base(options)
+    {
+    }
+
+    protected override void OnModelCreating(ModelBuilder builder)
+    {
+        base.OnModelCreating(builder);
+    }
+}

src/IdServer/SimpleIdServer.IdServer.Migrations.Openiddict/ConfigurationDbContext.cs

@@ -0,0 +1,18 @@
+// Copyright (c) SimpleIdServer. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+
+using Microsoft.EntityFrameworkCore;
+using OpenIddict.EntityFrameworkCore.Models;
+
+namespace SimpleIdServer.IdServer.Migrations.Openiddict;
+
+public class ConfigurationDbcontext : DbContext
+{
+    public ConfigurationDbcontext(DbContextOptions<ConfigurationDbcontext> options)
+        : base(options)
+    {
+    }
+
+    public DbSet<OpenIddictEntityFrameworkCoreApplication> Applications => Set<OpenIddictEntityFrameworkCoreApplication>();
+    public DbSet<OpenIddictEntityFrameworkCoreScope> Scopes => Set<OpenIddictEntityFrameworkCoreScope>();
+}