

startup improvements
DmyMi committed Jan 12, 2025
1 parent 6d6973e commit 982a40a
Showing 5 changed files with 39 additions and 27 deletions.
3 changes: 3 additions & 0 deletions OutOfSchool/OutOfSchool.AuthCommon/AuthServerConstants.cs
Expand Up @@ -2,6 +2,9 @@ namespace OutOfSchool.AuthCommon;

public static class AuthServerConstants
{
public const string LoginPath = "login";
public const string LogoutPath = "logout";
public const string AllowedUserNameCharacters = "абвгдеєжзиіклмнопрстуфхцчшщюяАБВГДЕЄЖЗИІКЛМНОПРСТУФХЦЧШЩЮЯabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";
public const string ExternalAuthSelectedRoleKey = "external_selected_role";
public const string ExternalAuthUserIdKey = "external_user_id";

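Review bot: The new constants `LoginPath` and `LogoutPath` carry no XML doc, and their form — a bare route segment without a leading slash — matters because callers in this commit mix bare use (`returnUrl = AuthServerConstants.LoginPath` in AccountController) with `$"/{AuthServerConstants.LoginPath}"` in Startup and ExternalLoginController. Suggest `/// <summary>Route segment of the login endpoint, without leading slash; prefix with "/" where an absolute path is needed.</summary>` on `LoginPath` and the equivalent on `LogoutPath`. `AllowedUserNameCharacters` would likewise benefit from a one-line summary stating it is the Identity user-name whitelist (Cyrillic and Latin letters, digits and `-._@+`) so the next maintainer does not trim it without checking existing accounts. The class body continues outside the hunk.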
Expand Up @@ -12,7 +12,6 @@ namespace OutOfSchool.AuthCommon.Controllers;

public class AccountController : Controller
{
private const string ReturnUrl = "Login";
private readonly SignInManager<User> signInManager;
private readonly UserManager<User> userManager;
private readonly IEmailSenderService emailSender;
Expand Down Expand Up @@ -46,7 +45,7 @@ public AccountController(
[Authorize]
[FeatureGate(AuthServerConstants.FeatureManagement.EmailManagement)]
[Obsolete("Change email API is no longer supported. Exists only for testing purposes.")]
public IActionResult ChangeEmail(string returnUrl = "Login")
public IActionResult ChangeEmail(string returnUrl = AuthServerConstants.LoginPath)
{
return View("Email/ChangeEmail", new ChangeEmailViewModel() { ReturnUrl = returnUrl });
}
Expand Down Expand Up @@ -194,7 +193,7 @@ public async Task<IActionResult> ReSendEmailConfirmation()
var user = await userManager.FindByEmailAsync(User.Identity.Name);
var token = await userManager.GenerateEmailConfirmationTokenAsync(user);
var email = user.Email;
var passedData = new { token, email, ReturnUrl };
var passedData = new { token, email, AuthServerConstants.LoginPath };

await SendConfirmEmailProcess(nameof(EmailConfirmation), user, RazorTemplates.ConfirmEmail, passedData);

Expand Down Expand Up @@ -257,7 +256,7 @@ public async Task<IActionResult> EmailConfirmation(string email, string token)
[HttpGet]
[FeatureGate(AuthServerConstants.FeatureManagement.PasswordManagement)]
[Obsolete("Forgot password API is no longer supported. Exists only for testing purposes.")]
public IActionResult ForgotPassword(string returnUrl = "Login")
public IActionResult ForgotPassword(string returnUrl = AuthServerConstants.LoginPath)
{
return View("Password/ForgotPassword", new ForgotPasswordViewModel() { ReturnUrl = returnUrl });
}
Expand Down Expand Up @@ -410,7 +409,7 @@ public async Task<IActionResult> ResetPassword(ResetPasswordViewModel model)
[Authorize]
[FeatureGate(AuthServerConstants.FeatureManagement.PasswordManagement)]
[Obsolete("Change password API is no longer supported. Exists only for testing purposes.")]
public IActionResult ChangePassword(string returnUrl = "Login")
public IActionResult ChangePassword(string returnUrl = AuthServerConstants.LoginPath)
{
return View("Password/ChangePassword", new ChangePasswordViewModel() { ReturnUrl = returnUrl });
}
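Review bot: In ReSendEmailConfirmation (its body starts outside the hunk) the anonymous object `new { token, email, AuthServerConstants.LoginPath }` infers the member name `LoginPath`, whereas the removed line exposed the same value under the name `ReturnUrl`; if `RazorTemplates.ConfirmEmail` binds to `ReturnUrl`, the template now finds no such member and the confirmation link silently loses its return target. Keep the member name explicit: `var passedData = new { token, email, ReturnUrl = AuthServerConstants.LoginPath };`. The value also changes from `"Login"` to `"login"`, which is only harmless if the consuming route is matched case-insensitively — worth confirming against the template.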
Expand Up @@ -114,7 +114,7 @@ public async Task<IActionResult> Logout(string logoutId)
/// <returns>A <see cref="Task{TResult}"/> representing the result of the asynchronous operation.</returns>
[Route("~/login")]
[HttpGet]
public async Task<IActionResult> Login(string returnUrl = "login", bool? providerRegistration = null)
public async Task<IActionResult> Login(string returnUrl = AuthServerConstants.LoginPath, bool? providerRegistration = null)
{
if (providerRegistration ?? GetProviderRegistrationFromUri(returnUrl))
{
Expand Down Expand Up @@ -244,7 +244,7 @@ public async Task<IActionResult> Login(LoginViewModel model)
[HttpGet]
[Obsolete("Change password API is no longer supported. Exists only for testing purposes.")]
[FeatureGate(AuthServerConstants.FeatureManagement.PasswordLogin)]
public IActionResult ChangePasswordLogin(string email, string returnUrl = "Login")
public IActionResult ChangePasswordLogin(string email, string returnUrl = AuthServerConstants.LoginPath)
{
return View(new ChangePasswordLoginViewModel { Email = email, ReturnUrl = returnUrl });
}
Expand Down Expand Up @@ -325,7 +325,7 @@ await userManagerAdditionalService.ChangePasswordWithRequiredMustChangePasswordA
[HttpGet]
[FeatureGate(AuthServerConstants.FeatureManagement.PasswordRegistration)]
[Obsolete("Registration API is no longer supported. Exists only for testing purposes.")]
public IActionResult Register(string returnUrl = "login", bool? providerRegistration = null)
public IActionResult Register(string returnUrl = AuthServerConstants.LoginPath, bool? providerRegistration = null)
{
return View(new RegisterViewModel
{
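Review bot: `Login` now defaults `returnUrl` to the bare segment `login`, while the application cookie's `LoginPath` and the ExternalLoginController fallbacks in this same commit use the absolute `/login`; a relative default resolves against whatever path the request arrived on, so the two spellings are not interchangeable. If the relative form is intended, say so in the XML doc for `returnUrl` (the `<param>` block sits above the hunk); otherwise `string returnUrl = $"/{AuthServerConstants.LoginPath}"` is a valid constant default in C# 10 (the file already uses file-scoped namespaces), though that would be a behaviour change from the pre-existing `"login"` default. The same consideration applies to `ChangePasswordLogin` and `Register` further down this section.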
Expand Up @@ -92,7 +92,7 @@ public async Task<IActionResult> ExternalLoginCallback()
return this.View("~/Views/Auth/Login.cshtml", new LoginViewModel
{
ExternalProviders = await signInManager.GetExternalAuthenticationSchemesAsync(),
ReturnUrl = result.Properties?.RedirectUri ?? "/login",
ReturnUrl = result.Properties?.RedirectUri ?? $"/{AuthServerConstants.LoginPath}",
});
}

Expand Down Expand Up @@ -137,7 +137,7 @@ public async Task<IActionResult> ExternalLoginCallback()
return View("~/Views/Auth/Login.cshtml", new LoginViewModel
{
ExternalProviders = await signInManager.GetExternalAuthenticationSchemesAsync(),
ReturnUrl = result.Properties?.RedirectUri ?? "/login",
ReturnUrl = result.Properties?.RedirectUri ?? $"/{AuthServerConstants.LoginPath}",
}) as IActionResult;
},
Task.FromResult);
Expand Down Expand Up @@ -195,7 +195,7 @@ private async Task<Either<IErrorResponse, IActionResult>> SignInUserAsync(
return this.View("~/Views/Auth/Login.cshtml", new LoginViewModel
{
ExternalProviders = await signInManager.GetExternalAuthenticationSchemesAsync(),
ReturnUrl = result.Properties?.RedirectUri ?? "/login",
ReturnUrl = result.Properties?.RedirectUri ?? $"/{AuthServerConstants.LoginPath}",
}) as ActionResult;
},
async properties =>
Expand Down Expand Up @@ -360,7 +360,7 @@ private async Task<Either<IErrorResponse, AuthenticationProperties>> SignInWithC
{
var properties = new AuthenticationProperties
{
RedirectUri = result.Properties?.RedirectUri ?? "/login",
RedirectUri = result.Properties?.RedirectUri ?? $"/{AuthServerConstants.LoginPath}",
IsPersistent = false,
};

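Review bot: The fallback `$"/{AuthServerConstants.LoginPath}"` is now spelled out four times in this file (and again in Startup.cs); a single `private const string DefaultLoginRedirect = $"/{AuthServerConstants.LoginPath}";` on the controller — constant interpolation is legal in C# 10, which the file-scoped namespaces indicate — keeps the absolute/relative choice in one place. Better still, put the `/`-prefixed form in AuthServerConstants itself so AccountController's bare use and these absolute uses cannot drift apart. `result.Properties?.RedirectUri` comes from the authentication ticket the server itself issued at challenge time, so this fallback is not the place for redirect-target validation; the challenge path that stores the caller-supplied return URL is, and is not visible here — confirm it restricts the value to local URLs.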
40 changes: 25 additions & 15 deletions OutOfSchool/OutOfSchool.AuthorizationServer/Startup.cs
Expand Up @@ -87,7 +87,7 @@ await services.AddDefaultQuartz(
services.AddIdentity<User, IdentityRole>(options =>
{
options.User.RequireUniqueEmail = false;
options.User.AllowedUserNameCharacters = "абвгдеєжзиіклмнопрстуфхцчшщюяАБВГДЕЄЖЗИІКЛМНОПРСТУФХЦЧШЩЮЯabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";
options.User.AllowedUserNameCharacters = AuthServerConstants.AllowedUserNameCharacters;
options.SignIn.RequireConfirmedAccount = false;
options.SignIn.RequireConfirmedEmail = false;
options.SignIn.RequireConfirmedPhoneNumber = false;
Expand All @@ -99,8 +99,8 @@ await services.AddDefaultQuartz(
services.ConfigureApplicationCookie(c =>
{
c.Cookie.Name = "OpenIdDict.Cookie";
c.LoginPath = "/login";
c.LogoutPath = "/logout";
c.LoginPath = $"/{AuthServerConstants.LoginPath}";
c.LogoutPath = $"/{AuthServerConstants.LogoutPath}";
c.ExpireTimeSpan = TimeSpan.FromDays(Convert.ToInt32(expireDaysStr));
});

Expand Down Expand Up @@ -169,6 +169,7 @@ await services.AddDefaultQuartz(
options.AddEphemeralEncryptionKey()
.AddEphemeralSigningKey();
aspNetCoreBuilder.DisableTransportSecurityRequirement();
options.DisableAccessTokenEncryption();
}
else
{
Expand All @@ -177,8 +178,6 @@ await services.AddDefaultQuartz(
options.AddSigningCertificate(certificate)
.AddEncryptionCertificate(certificate);
}

options.DisableAccessTokenEncryption(); //TODO: Maybe do encrypt? :)
})
.AddClient(options =>
{
Expand All @@ -190,7 +189,7 @@ await services.AddDefaultQuartz(
RedirectUri = new Uri($"{config["Identity:Authority"]}/callback/idgovua"),
ProviderName = "IdGovUa",
ProviderDisplayName = "id.gov.ua",
Scopes = { "profile" },
Scopes = { OpenIddictConstants.Scopes.Profile },

// Token validation is not supported by id.gov.ua.
TokenValidationParameters =
Expand All @@ -212,19 +211,30 @@ await services.AddDefaultQuartz(
},
});
options.UseSystemNetHttp();
options.UseAspNetCore()
.EnableRedirectionEndpointPassthrough()
.EnablePostLogoutRedirectionEndpointPassthrough()
//TODO: make development only
.DisableTransportSecurityRequirement();

options
.AllowClientCredentialsFlow()
.AllowAuthorizationCodeFlow()
.AllowRefreshTokenFlow()
.AddEventHandler(ExtractUserIdFromTokenResponseHandler.Descriptor)
//TODO: make development only
.AddDevelopmentSigningCertificate()
.AddEphemeralEncryptionKey();
.AddEventHandler(ExtractUserIdFromTokenResponseHandler.Descriptor);

var aspNetCoreBuilder = options.UseAspNetCore()
.EnableRedirectionEndpointPassthrough()
.EnablePostLogoutRedirectionEndpointPassthrough();

if (builder.Environment.IsDevelopment())
{
options.AddDevelopmentSigningCertificate()
.AddEphemeralEncryptionKey();
aspNetCoreBuilder.DisableTransportSecurityRequirement();
}
else
{
var certificate = ExternalCertificate.LoadCertificates(authorizationConfig.Certificate);
// TODO: create two different certificates after testing this
options.AddSigningCertificate(certificate)
.AddEncryptionCertificate(certificate);
}
})
.AddValidation(options =>
{
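Review bot: Moving `options.DisableAccessTokenEncryption()` into the `IsDevelopment()` branch means non-development access tokens are now issued encrypted with the certificate from `ExternalCertificate.LoadCertificates(authorizationConfig.Certificate)`; any resource server that validates them with plain JWT bearer validation rather than OpenIddict validation configured with that same encryption certificate will reject every token, so this needs a deployment-side check (the `.AddValidation` options are cut off below the hunk). In the client `else` branch the certificate is loaded a second time with the same call as the server branch; load it once above both registrations and reuse the variable, which also leaves the `// TODO: create two different certificates` in a single place. Using one certificate for both signing and encryption is acknowledged by that TODO and is the item to resolve before this configuration reaches production.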
