blob: 6c15113fc1b201db29a33997d4a3a07d8b93d58f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
using VPNAuth.Server.Responses;
namespace VPNAuth.Server.Api;
public static class Oidc
{
public static async Task UserInfoHandler(HttpContext context)
{
if (context.Request.Method != "GET" && context.Request.Method != "POST")
{
context.Response.StatusCode = StatusCodes.Status405MethodNotAllowed;
return;
}
var tokenHeader = context.Request.Headers["Authorization"].First()?.Split(" ");
if (tokenHeader?.Length == 1 || tokenHeader?[0] != "Bearer")
{
context.Response.StatusCode = StatusCodes.Status400BadRequest;
return;
}
if (tokenHeader.Length < 2)
{
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
return;
}
using var db = new Database.Database();
var tokenDbEntry = db.AccessTokens
.Where(tokenEntry => tokenEntry.Token == tokenHeader[1])
.ToList()
.FirstOrDefault();
if (tokenDbEntry == null)
{
context.Response.StatusCode = StatusCodes.Status403Forbidden;
return;
}
if (!tokenDbEntry.Scopes.Contains("openid"))
{
context.Response.StatusCode = StatusCodes.Status403Forbidden;
return;
}
var userInformation = db.UserInformation
.Where(entry => entry.Sub == tokenDbEntry.Username)
.ToList()
.FirstOrDefault();
if (userInformation == null)
{
context.Response.StatusCode = StatusCodes.Status204NoContent;
return;
}
var userInfoResponse = new UserInfo();
if (tokenDbEntry.Scopes.Contains("profile"))
{
userInfoResponse.GivenName = userInformation.GivenName;
userInfoResponse.FamilyName = userInformation.FamilyName;
userInfoResponse.Name = userInformation.Name;
userInfoResponse.Picture = userInformation.Picture;
userInfoResponse.PreferredUsername = userInformation.PreferredUsername;
}
if (tokenDbEntry.Scopes.Contains("email"))
userInfoResponse.Email = userInformation.Email;
userInfoResponse.Sub = userInformation.Sub;
await context.Response.WriteAsJsonAsync(userInfoResponse);
}
public static async Task DiscoveryHandler(HttpContext context)
{
if (!context.Request.Host.HasValue)
{
context.Response.StatusCode = StatusCodes.Status400BadRequest;
return;
}
var serverAddress = context.Request.IsHttps ? "https://" : "http://" + context.Request.Host.Value;
await context.Response.WriteAsJsonAsync(new OidcDiscovery
{
Issuer = serverAddress + "/",
AuthorizationEndpoint = $"{serverAddress}/auth",
TokenEndpoint = $"{serverAddress}/access-token",
UserInfoEndpoint = $"{serverAddress}/user-info",
JwksUri = "",
ResponseTypesSupported = ["code"],
SubjectTypesSupported = [],
IdTokenSigningAlgValuesSupported = ["RS256"]
});
}
}
|
