// (c) Copyright Ascensio System SIA 2010-2022 // // This program is a free software product. // You can redistribute it and/or modify it under the terms // of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software // Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended // to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of // any third-party rights. // // This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see // the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html // // You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021. // // The interactive user interfaces in modified source and object code versions of the Program must // display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3. // // Pursuant to Section 7(b) of the License you must retain the original Product logo when // distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under // trademark law for use of our trademarks. // // All the Product's GUI elements, including illustrations and icon sets, as well as technical writing // content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0 // International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode namespace ASC.FederatedLogin.Helpers; [Scope] public class OAuth20TokenHelper { private readonly IHttpContextAccessor _httpContextAccessor; private readonly ConsumerFactory _consumerFactory; private readonly RequestHelper _requestHelper; public OAuth20TokenHelper(IHttpContextAccessor httpContextAccessor, ConsumerFactory consumerFactory, RequestHelper requestHelper) { _httpContextAccessor = httpContextAccessor; _consumerFactory = consumerFactory; _requestHelper = requestHelper; } public string RequestCode(string scope = null, IDictionary additionalArgs = null, IDictionary additionalStateArgs = null) where T : Consumer, IOAuthProvider, new() { var loginProvider = _consumerFactory.Get(); var requestUrl = loginProvider.CodeUrl; var clientID = loginProvider.ClientID; var redirectUri = loginProvider.RedirectUri; var uriBuilder = new UriBuilder(requestUrl); var query = uriBuilder.Query; if (!string.IsNullOrEmpty(query)) { query += "&"; } query += "response_type=code"; if (!string.IsNullOrEmpty(clientID)) { query += $"&client_id={HttpUtility.UrlEncode(clientID)}"; } if (!string.IsNullOrEmpty(redirectUri)) { query += $"&redirect_uri={HttpUtility.UrlEncode(redirectUri)}"; } if (!string.IsNullOrEmpty(scope)) { query += $"&scope={HttpUtility.UrlEncode(scope)}"; } var u = _httpContextAccessor.HttpContext.Request.GetUrlRewriter(); var stateUriBuilder = new UriBuilder(u.Scheme, u.Host, u.Port, $"thirdparty/{loginProvider.Name.ToLower()}/code"); if (additionalStateArgs != null && additionalStateArgs.Count > 0) { var stateQuery = ""; stateQuery = additionalStateArgs.Keys .Where(a => a != null) .Aggregate(stateQuery, (current, a) => a != null ? $"{current}&{a.Trim()}={additionalStateArgs[a] ?? "".Trim()}" : null); stateUriBuilder.Query = stateQuery.Substring(1); } var state = HttpUtility.UrlEncode(stateUriBuilder.Uri.AbsoluteUri); query += $"&state={state}"; if (additionalArgs != null) { query = additionalArgs.Keys.Where(additionalArg => additionalArg != null) .Aggregate(query, (current, additionalArg) => additionalArg != null ? current + "&" + HttpUtility.UrlEncode(additionalArg.Trim()) + "=" + HttpUtility.UrlEncode((additionalArgs[additionalArg] ?? "").Trim()) : null); } return uriBuilder.Uri + "?" + query; } public OAuth20Token GetAccessToken(ConsumerFactory consumerFactory, string authCode) where T : Consumer, IOAuthProvider, new() { var loginProvider = consumerFactory.Get(); var requestUrl = loginProvider.AccessTokenUrl; var clientID = loginProvider.ClientID; var clientSecret = loginProvider.ClientSecret; var redirectUri = loginProvider.RedirectUri; ArgumentNullOrEmptyException.ThrowIfNullOrEmpty(authCode); ArgumentNullOrEmptyException.ThrowIfNullOrEmpty(clientID); ArgumentNullOrEmptyException.ThrowIfNullOrEmpty(clientSecret); var data = $"code={HttpUtility.UrlEncode(authCode)}&client_id={HttpUtility.UrlEncode(clientID)}&client_secret={HttpUtility.UrlEncode(clientSecret)}"; if (!string.IsNullOrEmpty(redirectUri)) { data += "&redirect_uri=" + HttpUtility.UrlEncode(redirectUri); } data += "&grant_type=authorization_code"; var json = _requestHelper.PerformRequest(requestUrl, "application/x-www-form-urlencoded", "POST", data); if (json != null) { if (!json.StartsWith('{')) { json = "{\"" + json.Replace("=", "\":\"").Replace("&", "\",\"") + "\"}"; } var token = OAuth20Token.FromJson(json); if (token == null) { return null; } token.ClientID = clientID; token.ClientSecret = clientSecret; token.RedirectUri = redirectUri; return token; } return null; } public OAuth20Token RefreshToken(ConsumerFactory consumerFactory, OAuth20Token token) where T : Consumer, IOAuthProvider, new() { var loginProvider = consumerFactory.Get(); return RefreshToken(loginProvider.AccessTokenUrl, token); } public OAuth20Token RefreshToken(string requestUrl, OAuth20Token token) { if (token == null || !CanRefresh(token)) { throw new ArgumentException("Can not refresh given token", nameof(token)); } var data = $"client_id={HttpUtility.UrlEncode(token.ClientID)}&client_secret={HttpUtility.UrlEncode(token.ClientSecret)}&refresh_token={HttpUtility.UrlEncode(token.RefreshToken)}&grant_type=refresh_token"; var json = _requestHelper.PerformRequest(requestUrl, "application/x-www-form-urlencoded", "POST", data); if (json != null) { var refreshed = OAuth20Token.FromJson(json); refreshed.ClientID = token.ClientID; refreshed.ClientSecret = token.ClientSecret; refreshed.RedirectUri = token.RedirectUri; refreshed.RefreshToken ??= token.RefreshToken; return refreshed; } return token; } private static bool CanRefresh(OAuth20Token token) { return !string.IsNullOrEmpty(token.ClientID) && !string.IsNullOrEmpty(token.ClientSecret); } }