Skip to content

Commit

Permalink
Improve Principal handling for OIDC and resolve Logout issue (caused …
Browse files Browse the repository at this point in the history
…by AntiForgeryToken)
  • Loading branch information
sbwalker committed Mar 15, 2022
1 parent 9b69e13 commit d51ba8f
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 18 deletions.
18 changes: 10 additions & 8 deletions Oqtane.Client/Themes/Controls/Theme/LoginBase.cs
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
using System;
using System.Net;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Components;
using Microsoft.JSInterop;
Expand Down Expand Up @@ -34,24 +35,25 @@ protected async Task LogoutUser()
{
await UserService.LogoutUserAsync(PageState.User);
await LoggingService.Log(PageState.Alias, PageState.Page.PageId, PageState.ModuleId, PageState.User.UserId, GetType().AssemblyQualifiedName, "Logout", LogFunction.Security, LogLevel.Information, null, "User Logout For Username {Username}", PageState.User.Username);

PageState.User = null;
bool authorizedtoviewpage = UserSecurity.IsAuthorized(PageState.User, PermissionNames.View, PageState.Page.Permissions);

var url = PageState.Alias.Path + "/" + PageState.Page.Path;
if (!UserSecurity.IsAuthorized(PageState.User, PermissionNames.View, PageState.Page.Permissions))
{
url = PageState.Alias.Path;
}

if (PageState.Runtime == Shared.Runtime.Server)
{
// server-side Blazor needs to post to the Logout page
var fields = new { __RequestVerificationToken = SiteState.AntiForgeryToken, returnurl = !authorizedtoviewpage ? PageState.Alias.Path : PageState.Alias.Path + "/" + PageState.Page.Path };
string url = Utilities.TenantUrl(PageState.Alias, "/pages/logout/");
var interop = new Interop(jsRuntime);
await interop.SubmitForm(url, fields);
// server-side Blazor needs to redirect to the Logout page
NavigationManager.NavigateTo(Utilities.TenantUrl(PageState.Alias, "/pages/logout/") + "?returnurl=" + WebUtility.UrlEncode(url), true);
}
else
{
// client-side Blazor
var authstateprovider = (IdentityAuthenticationStateProvider)ServiceProvider.GetService(typeof(IdentityAuthenticationStateProvider));
authstateprovider.NotifyAuthenticationChanged();
NavigationManager.NavigateTo(NavigateUrl(!authorizedtoviewpage ? PageState.Alias.Path : PageState.Page.Path, true));
NavigationManager.NavigateTo(NavigateUrl(url, true));
}
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ private static async Task OnTokenValidated(TokenValidatedContext context)
identityuser.UserName = email;
identityuser.Email = email;
identityuser.EmailConfirmed = true;
var result = await _identityUserManager.CreateAsync(identityuser, Guid.NewGuid().ToString("N") + "-Xx!");
var result = await _identityUserManager.CreateAsync(identityuser, DateTime.UtcNow.ToString("yyyy-MMM-dd-HH-mm-ss"));
if (result.Succeeded)
{
user = new User();
Expand Down Expand Up @@ -164,17 +164,19 @@ private static async Task OnTokenValidated(TokenValidatedContext context)
user = _users.GetUser(email);
if (user != null)
{
List<UserRole> userroles = _userRoles.GetUserRoles(user.UserId, context.HttpContext.GetAlias().SiteId).ToList();
var identity = UserSecurity.CreateClaimsIdentity(context.HttpContext.GetAlias(), user, userroles);
var principal = (ClaimsIdentity)context.Principal.Identity;

var principalIdentity = (ClaimsIdentity)context.Principal.Identity;
foreach (var claim in identity.Claims)
// remove the name claim if it exists in the principal
var nameclaim = principal.Claims.FirstOrDefault(item => item.Type == ClaimTypes.Name);
if (nameclaim != null)
{
if (!principalIdentity.Claims.Contains(claim))
{
principalIdentity.AddClaim(claim);
}
principal.RemoveClaim(nameclaim);
}

// add Oqtane claims
List<UserRole> userroles = _userRoles.GetUserRoles(user.UserId, context.HttpContext.GetAlias().SiteId).ToList();
var identity = UserSecurity.CreateClaimsIdentity(context.HttpContext.GetAlias(), user, userroles);
principal.AddClaims(identity.Claims);
}
}
else
Expand Down
2 changes: 1 addition & 1 deletion Oqtane.Server/Pages/Logout.cshtml.cs
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ namespace Oqtane.Pages
[AllowAnonymous]
public class LogoutModel : PageModel
{
public async Task<IActionResult> OnPostAsync(string returnurl)
public async Task<IActionResult> OnGetAsync(string returnurl)
{
if (HttpContext.User.Identity.IsAuthenticated)
{
Expand Down

0 comments on commit d51ba8f

Please sign in to comment.