diff --git a/Server/src/OAuth20.Server/Services/UserInfoService.cs b/Server/src/OAuth20.Server/Services/UserInfoService.cs index 33ac470..f044b68 100644 --- a/Server/src/OAuth20.Server/Services/UserInfoService.cs +++ b/Server/src/OAuth20.Server/Services/UserInfoService.cs @@ -9,9 +9,11 @@ Everyone is permitted to copy and distribute verbatim copies using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Options; using Microsoft.IdentityModel.Tokens; +using NuGet.Versioning; using OAuth20.Server.Configuration; using OAuth20.Server.OauthRequest; using OAuth20.Server.OAuthResponse; +using OAuth20.Server.Services.Users; using OAuth20.Server.Validations; using System; using System.ComponentModel.DataAnnotations; 
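Review bot: The added `using NuGet.Versioning;` in UserInfoService.cs is not used by anything in the hunks shown for this file and looks like an editor auto-import. If so it should be dropped, because it only compiles while the NuGet client package is referenced, which ties the authorization server to a dependency it does not need. The other added line, `using OAuth20.Server.Services.Users;`, is the one the new `IUserManagerService` field requires.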
@@ -33,31 +35,34 @@ public class UserInfoService private readonly IBearerTokenUsageTypeValidation _bearerTokenUsageTypeValidation; private readonly OAuthServerOptions _optionsMonitor; private readonly IClientService _clientService; + private readonly IUserManagerService _userManagerService; public UserInfoService(IHttpContextAccessor httpContextAccessor, IBearerTokenUsageTypeValidation bearerTokenUsageTypeValidation, IOptionsMonitor optionsMonitor, - IClientService clientService) + IClientService clientService, + IUserManagerService userManagerService) { _httpContextAccessor = httpContextAccessor; - _bearerTokenUsageTypeValidation= bearerTokenUsageTypeValidation; + _bearerTokenUsageTypeValidation = bearerTokenUsageTypeValidation; _optionsMonitor = optionsMonitor.CurrentValue ?? new OAuthServerOptions(); _clientService = clientService; + _userManagerService = userManagerService; } public async Task GetUserInfoAsync() { + var response = new UserInfoResponse(); var bearerTokenUsages = await _bearerTokenUsageTypeValidation.ValidateAsync(); if (bearerTokenUsages.Succeeded == false) { - return new UserInfoResponse - { - Claims = null, - Succeeded = false, - Error = "no token found", - ErrorDescription = "Make sure to add the token as bearer to Authentication header in the request" - }; + response.Claims = null; + response.Succeeded = false; + response.Error = "no token found"; + response.ErrorDescription = "Make sure to add the token as bearer to Authentication header in the request"; + + } else { @@ -72,6 +77,7 @@ public async Task GetUserInfoAsync() var clientId = jwtSecurityToken.Audiences.FirstOrDefault(); var client = await _clientService.GetClientByIdAsync(clientId); + // TODO: // check if client is null. // check if client is not active. 
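Review bot: In the first failure branch of GetUserInfoAsync, `response.Error = "no token found";` is not one of the RFC 6750 bearer error codes, and the description sends callers to an "Authentication" header although bearer tokens travel in `Authorization`. Since these strings are being rewritten as assignments anyway, `response.Error = "invalid_request";` is the closest registered code, and the description should name the `Authorization` header. Clients that branch on the error code can then handle the missing-token case. The method body continues outside this hunk.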
@@ -93,11 +99,21 @@ public async Task GetUserInfoAsync() if (tokenValidationReslt.IsValid) { - int exp = (int)tokenValidationReslt.Claims.FirstOrDefault(x => x.Key == "exp").Value; + string userId = tokenValidationReslt.ClaimsIdentity.FindFirst("sub")?.Value; + + // TODO: + // check userId is null + + var user = await _userManagerService.GetUserAsync(userId); + // TODO: + // check user is null + + + // here build the response as json + string scope = (tokenValidationReslt.Claims.FirstOrDefault(x => x.Key == "scope").Value).ToString(); - string aud = (tokenValidationReslt.Claims.FirstOrDefault(x => x.Key == "aud").Value).ToString(); - + //response.Active = true; //response.TokenType = "access_token"; //response.Exp = exp; @@ -110,19 +126,15 @@ public async Task GetUserInfoAsync() } catch (Exception ex) // maybe SecurityTokenException { - //_logger.LogCritical("There is an exception that is thrown while validating the token {exception}", ex); - //response.Active = false; - return new UserInfoResponse - { - Claims = null, - Succeeded = false, - Error = "invalid_token", - ErrorDescription = "token is not valid" - - }; + response.Claims = null; + response.Succeeded = false; + response.Error = "invalid_token"; + response.ErrorDescription = "token is not valid"; } - return null; + } + + return response; } } diff --git a/Server/src/OAuth20.Server/Services/Users/IUserManagerService.cs b/Server/src/OAuth20.Server/Services/Users/IUserManagerService.cs index 4e964e9..5464a1e 100644 --- a/Server/src/OAuth20.Server/Services/Users/IUserManagerService.cs +++ b/Server/src/OAuth20.Server/Services/Users/IUserManagerService.cs @@ -6,6 +6,7 @@ Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. */ +using OAuth20.Server.Models.Entities; using OAuth20.Server.OauthRequest; using OAuth20.Server.OauthResponse; using System.Threading.Tasks; 
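Review bot: The `sub` lookup and the `GetUserAsync` call in the `IsValid` branch run with both null checks still marked `TODO`, so a token without a `sub` claim, or one whose subject no longer exists, reaches the response-building code with `userId` or `user` null. Both cases should end the request with the same `invalid_token` / `token is not valid` answer the catch block already gives, so that the reply does not reveal whether the subject exists. The client checks left as `TODO` in the `@@ -72,6 +77,7 @@` hunk have the same gap. The enclosing method starts and ends outside this hunk.

```csharp
string userId = tokenValidationReslt.ClaimsIdentity.FindFirst("sub")?.Value;
if (string.IsNullOrEmpty(userId))
{
    // A token without a subject cannot be mapped to a user.
    response.Claims = null;
    response.Succeeded = false;
    response.Error = "invalid_token";
    response.ErrorDescription = "token is not valid";
    return response;
}

var user = await _userManagerService.GetUserAsync(userId);
if (user == null)
{
    // Same answer as any other invalid token, so the caller learns nothing about the subject.
    response.Claims = null;
    response.Succeeded = false;
    response.Error = "invalid_token";
    response.ErrorDescription = "token is not valid";
    return response;
}
// … unchanged: scope lookup and the commented-out response building …
```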
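Review bot: The `catch (Exception ex)` at the end of GetUserInfoAsync appears to also wrap the new `_userManagerService.GetUserAsync` call, so a user-store failure would reach the caller as `invalid_token`. With the commented-out `_logger.LogCritical` line removed, such a failure also leaves no trace for whoever investigates it. Narrowing the handler to `catch (SecurityTokenException ex)`, which the existing comment already hints at, and logging the exception without the token value would keep token errors apart from infrastructure errors. No logger field is visible in this class, so one would have to be injected. The try block starts outside this hunk.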
@@ -14,6 +15,7 @@ namespace OAuth20.Server.Services.Users { public interface IUserManagerService { + Task GetUserAsync(string userId); Task LoginUserAsync(LoginRequest request); Task CreateUserAsync(CreateUserRequest request); Task LoginUserByOpenIdAsync(OpenIdConnectLoginRequest request); diff --git a/Server/src/OAuth20.Server/Services/Users/UserManagerService.cs b/Server/src/OAuth20.Server/Services/Users/UserManagerService.cs index 284746b..0900c97 100644 --- a/Server/src/OAuth20.Server/Services/Users/UserManagerService.cs +++ b/Server/src/OAuth20.Server/Services/Users/UserManagerService.cs @@ -30,6 +30,15 @@ public UserManagerService(UserManager userManager, SignInManager GetUserAsync(string userId) + { + var user = await _userManager.FindByIdAsync(userId); + if (user == null) + return null; + else + return user; + } + public async Task LoginUserAsync(LoginRequest request) { var validationResult = validateLoginRequest(request);
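Review bot: In UserManagerService.GetUserAsync, `if (user == null) return null; else return user;` returns the same value on both paths, so the body can be `return await _userManager.FindByIdAsync(userId);`. It should be preceded by `if (string.IsNullOrEmpty(userId)) return null;`, because the caller in UserInfoService does not check the `sub` value yet. A `///` summary should say that the result is null when no user matches and that it is the full identity entity. If that entity is an ASP.NET Identity user it carries fields such as the password hash, so the userinfo code has to copy only the claims the token's scope allows instead of serializing the object.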