added Microser

2024-03-13 23:25:54 +03:00
parent d11ec09c4e
commit 7ae76afee4
208 changed files with 68884 additions and 0 deletions
--- a/src/Microser/Microser.IdS/Pages/ExternalLogin/Challenge.cshtml.cs
+++ b/src/Microser/Microser.IdS/Pages/ExternalLogin/Challenge.cshtml.cs
@@ -0,0 +1,49 @@
+// Copyright (c) Duende Software. All rights reserved.
+// See LICENSE in the project root for license information.
+
+using Duende.IdentityServer.Services;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+
+namespace Microser.IdS.Pages.ExternalLogin
+{
+    [AllowAnonymous]
+    [SecurityHeaders]
+    public class Challenge : PageModel
+    {
+        private readonly IIdentityServerInteractionService _interactionService;
+
+        public Challenge(IIdentityServerInteractionService interactionService)
+        {
+            _interactionService = interactionService;
+        }
+
+        public IActionResult OnGet(string scheme, string? returnUrl)
+        {
+            if (string.IsNullOrEmpty(returnUrl)) returnUrl = "~/";
+
+            // validate returnUrl - either it is a valid OIDC URL or back to a local page
+            if (Url.IsLocalUrl(returnUrl) == false && _interactionService.IsValidReturnUrl(returnUrl) == false)
+            {
+                // user might have clicked on a malicious link - should be logged
+                throw new ArgumentException("invalid return URL");
+            }
+
+            // start challenge and roundtrip the return URL and scheme
+            var props = new AuthenticationProperties
+            {
+                RedirectUri = Url.Page("/externallogin/callback"),
+
+                Items =
+                {
+                    { "returnUrl", returnUrl },
+                    { "scheme", scheme },
+                }
+            };
+
+            return Challenge(props, scheme);
+        }
+    }
+}