blob: e8ff3c0633da09934e3dea4f10df1df1c0791722 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
using VPNAuth.Server.Responses;
namespace VPNAuth.Server.Api;
public static class Oidc
{
public static async Task UserInfoHandler(HttpContext context)
{
if (context.Request.Method != "GET" && context.Request.Method != "POST")
{
context.Response.StatusCode = StatusCodes.Status405MethodNotAllowed;
return;
}
var tokenHeader = context.Request.Headers["Authorization"].First()?.Split(" ");
if (tokenHeader?.Length == 1 || tokenHeader?[0] != "Bearer")
{
context.Response.StatusCode = StatusCodes.Status400BadRequest;
return;
}
if (tokenHeader.Length < 2)
{
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
return;
}
using var db = new Database.Database();
var tokenDbEntry = db.AccessTokens
.Where(tokenEntry => tokenEntry.Token == tokenHeader[1])
.ToList()
.FirstOrDefault();
if (tokenDbEntry == null)
{
context.Response.StatusCode = StatusCodes.Status403Forbidden;
return;
}
if (!tokenDbEntry.Scopes.Contains("openid"))
{
context.Response.StatusCode = StatusCodes.Status403Forbidden;
return;
}
var userInformation = db.UserInformation
.Where(entry => entry.Sub == tokenDbEntry.Username)
.ToList()
.FirstOrDefault();
if (userInformation == null)
{
context.Response.StatusCode = StatusCodes.Status204NoContent;
return;
}
var userInfoResponse = new UserInfo();
if (tokenDbEntry.Scopes.Contains("profile"))
{
userInfoResponse.GivenName = userInformation.GivenName;
userInfoResponse.FamilyName = userInformation.FamilyName;
userInfoResponse.Name = userInformation.Name;
userInfoResponse.Picture = userInformation.Picture;
userInfoResponse.PreferredUsername = userInformation.PreferredUsername;
}
if (tokenDbEntry.Scopes.Contains("email"))
userInfoResponse.Email = userInformation.Email;
userInfoResponse.Sub = userInformation.Sub;
await context.Response.WriteAsJsonAsync(userInfoResponse);
}
}
|
