🐛 Dozen of bugs fixes
This commit is contained in:
@ -9,16 +9,14 @@ using DysonNetwork.Sphere.Developer;
|
||||
|
||||
namespace DysonNetwork.Sphere.Pages.Auth;
|
||||
|
||||
[Authorize]
|
||||
public class AuthorizeModel(OidcProviderService oidcService) : PageModel
|
||||
{
|
||||
[BindProperty(SupportsGet = true)]
|
||||
public string? ReturnUrl { get; set; }
|
||||
[BindProperty(SupportsGet = true)] public string? ReturnUrl { get; set; }
|
||||
|
||||
[BindProperty(SupportsGet = true, Name = "client_id")]
|
||||
[Required(ErrorMessage = "The client_id parameter is required")]
|
||||
public string? ClientIdString { get; set; }
|
||||
|
||||
|
||||
public Guid ClientId { get; set; }
|
||||
|
||||
[BindProperty(SupportsGet = true, Name = "response_type")]
|
||||
@ -27,22 +25,19 @@ public class AuthorizeModel(OidcProviderService oidcService) : PageModel
|
||||
[BindProperty(SupportsGet = true, Name = "redirect_uri")]
|
||||
public string? RedirectUri { get; set; }
|
||||
|
||||
[BindProperty(SupportsGet = true)]
|
||||
public string? Scope { get; set; }
|
||||
[BindProperty(SupportsGet = true)] public string? Scope { get; set; }
|
||||
|
||||
[BindProperty(SupportsGet = true)]
|
||||
public string? State { get; set; }
|
||||
[BindProperty(SupportsGet = true)] public string? State { get; set; }
|
||||
|
||||
[BindProperty(SupportsGet = true)] public string? Nonce { get; set; }
|
||||
|
||||
[BindProperty(SupportsGet = true)]
|
||||
public string? Nonce { get; set; }
|
||||
|
||||
|
||||
[BindProperty(SupportsGet = true, Name = "code_challenge")]
|
||||
public string? CodeChallenge { get; set; }
|
||||
|
||||
|
||||
[BindProperty(SupportsGet = true, Name = "code_challenge_method")]
|
||||
public string? CodeChallengeMethod { get; set; }
|
||||
|
||||
|
||||
[BindProperty(SupportsGet = true, Name = "response_mode")]
|
||||
public string? ResponseMode { get; set; }
|
||||
|
||||
@ -50,21 +45,21 @@ public class AuthorizeModel(OidcProviderService oidcService) : PageModel
|
||||
public string? AppLogo { get; set; }
|
||||
public string? AppUri { get; set; }
|
||||
public string[]? RequestedScopes { get; set; }
|
||||
|
||||
|
||||
public async Task<IActionResult> OnGetAsync()
|
||||
{
|
||||
if (HttpContext.Items["CurrentUser"] is not Sphere.Account.Account)
|
||||
{
|
||||
var returnUrl = Uri.EscapeDataString($"{Request.Path}{Request.QueryString}");
|
||||
return RedirectToPage($"/Auth/Login?returnUrl={returnUrl}");
|
||||
return RedirectToPage("/Auth/Login", new { returnUrl });
|
||||
}
|
||||
|
||||
|
||||
if (string.IsNullOrEmpty(ClientIdString) || !Guid.TryParse(ClientIdString, out var clientId))
|
||||
{
|
||||
ModelState.AddModelError("client_id", "Invalid client_id format");
|
||||
return BadRequest("Invalid client_id format");
|
||||
}
|
||||
|
||||
|
||||
ClientId = clientId;
|
||||
|
||||
var client = await oidcService.FindClientByIdAsync(ClientId);
|
||||
@ -73,7 +68,7 @@ public class AuthorizeModel(OidcProviderService oidcService) : PageModel
|
||||
ModelState.AddModelError("client_id", "Client not found");
|
||||
return NotFound("Client not found");
|
||||
}
|
||||
|
||||
|
||||
if (client.Status != CustomAppStatus.Developing)
|
||||
{
|
||||
// Validate redirect URI for non-Developing apps
|
||||
@ -93,14 +88,14 @@ public class AuthorizeModel(OidcProviderService oidcService) : PageModel
|
||||
public async Task<IActionResult> OnPostAsync(bool allow)
|
||||
{
|
||||
if (HttpContext.Items["CurrentUser"] is not Sphere.Account.Account currentUser) return Unauthorized();
|
||||
|
||||
|
||||
// First, validate the client ID
|
||||
if (string.IsNullOrEmpty(ClientIdString) || !Guid.TryParse(ClientIdString, out var clientId))
|
||||
{
|
||||
ModelState.AddModelError("client_id", "Invalid client_id format");
|
||||
return BadRequest("Invalid client_id format");
|
||||
}
|
||||
|
||||
|
||||
ClientId = clientId;
|
||||
|
||||
// Check if a client exists
|
||||
@ -116,14 +111,14 @@ public class AuthorizeModel(OidcProviderService oidcService) : PageModel
|
||||
// User denied the authorization request
|
||||
if (string.IsNullOrEmpty(RedirectUri))
|
||||
return BadRequest("No redirect_uri provided");
|
||||
|
||||
|
||||
var deniedUriBuilder = new UriBuilder(RedirectUri);
|
||||
var deniedQuery = System.Web.HttpUtility.ParseQueryString(deniedUriBuilder.Query);
|
||||
deniedQuery["error"] = "access_denied";
|
||||
deniedQuery["error_description"] = "The user denied the authorization request";
|
||||
if (!string.IsNullOrEmpty(State)) deniedQuery["state"] = State;
|
||||
deniedUriBuilder.Query = deniedQuery.ToString();
|
||||
|
||||
|
||||
return Redirect(deniedUriBuilder.ToString());
|
||||
}
|
||||
|
||||
@ -147,20 +142,20 @@ public class AuthorizeModel(OidcProviderService oidcService) : PageModel
|
||||
// Build the redirect URI with the authorization code
|
||||
var redirectUri = new UriBuilder(RedirectUri);
|
||||
var query = System.Web.HttpUtility.ParseQueryString(redirectUri.Query);
|
||||
|
||||
|
||||
// Add the authorization code
|
||||
query["code"] = authCode;
|
||||
|
||||
|
||||
// Add state if provided (for CSRF protection)
|
||||
if (!string.IsNullOrEmpty(State))
|
||||
{
|
||||
query["state"] = State;
|
||||
}
|
||||
|
||||
|
||||
// Set the query string
|
||||
redirectUri.Query = query.ToString();
|
||||
|
||||
// Redirect back to the client with the authorization code
|
||||
return Redirect(redirectUri.ToString());
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user