diff --git a/FoxIDs.sln b/FoxIDs.sln index debce1aa5..6eb32cf55 100644 --- a/FoxIDs.sln +++ b/FoxIDs.sln @@ -54,6 +54,9 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "docs", "docs", "{CB5D86A0-D docs\faq.md = docs\faq.md docs\getting-started.md = docs\getting-started.md docs\howto-saml-2.0-context-handler.md = docs\howto-saml-2.0-context-handler.md + docs\howto-oidc-foxids.md = docs\howto-oidc-foxids.md + docs\howto-connect.md = docs\howto-connect.md + docs\howto-tracklink-foxids.md = docs\howto-tracklink-foxids.md docs\index.md = docs\index.md docs\language.md = docs\language.md docs\logging.md = docs\logging.md @@ -71,14 +74,12 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "docs", "docs", "{CB5D86A0-D docs\standard-support.md = docs\standard-support.md docs\up-party-howto-oidc-azure-ad-b2c.md = docs\up-party-howto-oidc-azure-ad-b2c.md docs\up-party-howto-oidc-azure-ad.md = docs\up-party-howto-oidc-azure-ad.md - docs\up-party-howto-oidc-foxids.md = docs\up-party-howto-oidc-foxids.md docs\up-party-howto-oidc-identityserver.md = docs\up-party-howto-oidc-identityserver.md docs\up-party-howto-oidc-nets-eid-broker.md = docs\up-party-howto-oidc-nets-eid-broker.md docs\up-party-howto-oidc-signicat.md = docs\up-party-howto-oidc-signicat.md docs\up-party-howto-saml-2.0-adfs.md = docs\up-party-howto-saml-2.0-adfs.md docs\up-party-howto-saml-2.0-nemlogin.md = docs\up-party-howto-saml-2.0-nemlogin.md docs\up-party-howto-saml-2.0-pingone.md = docs\up-party-howto-saml-2.0-pingone.md - docs\up-party-howto.md = docs\up-party-howto.md docs\up-party-oidc.md = docs\up-party-oidc.md docs\up-party-saml-2.0.md = docs\up-party-saml-2.0.md docs\update.md = docs\update.md @@ -166,6 +167,8 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "images", "images", "{CB8812 docs\images\howto-saml-nemlogin3-up-privilege-claim-tf.png = docs\images\howto-saml-nemlogin3-up-privilege-claim-tf.png docs\images\howto-saml-nemlogin3-up-read-metadata.png = docs\images\howto-saml-nemlogin3-up-read-metadata.png docs\images\howto-saml-nemlogin3-up-top.png = docs\images\howto-saml-nemlogin3-up-top.png + docs\images\howto-tracklink-foxids-down-party.png = docs\images\howto-tracklink-foxids-down-party.png + docs\images\howto-tracklink-foxids-up-party.png = docs\images\howto-tracklink-foxids-up-party.png docs\images\master-tenant2.png = docs\images\master-tenant2.png docs\images\parties-down-party-oauth.svg = docs\images\parties-down-party-oauth.svg docs\images\parties-down-party-oidc.svg = docs\images\parties-down-party-oidc.svg diff --git a/docs/_sidebar.md b/docs/_sidebar.md index 94fc9b6d9..3c0de6e2d 100644 --- a/docs/_sidebar.md +++ b/docs/_sidebar.md @@ -2,7 +2,7 @@ - [Getting Started](getting-started.md) - [Parties](parties.md) - [Login & HRD & 2FA/MFA](login.md) - - [How to connect IdP](up-party-howto.md) + - [How to connect](howto-connect.md) - [OpenID Connect](oidc.md) - [OAuth 2.0](oauth-2.0.md) - [SAML 2.0](saml-2.0.md) diff --git a/docs/deployment.md b/docs/deployment.md index 037860898..e6adacfd6 100644 --- a/docs/deployment.md +++ b/docs/deployment.md @@ -51,11 +51,11 @@ You can increment the password security level by uploading risk passwords. You can upload risk passwords with the FoxIDs seed tool console application. The seed tool code is [downloaded](https://github.com/ITfoxtec/FoxIDs/tree/master/tools/FoxIDs.SeedTool) and need to be compiled and [configured](#configure-the-seed-tool) to run. -Download the `SHA-1` pwned passwords `ordered by prevalence` from [haveibeenpwned.com/passwords](https://haveibeenpwned.com/Passwords). +Download the `SHA-1` pwned passwords in a single file from [haveibeenpwned.com/passwords](https://haveibeenpwned.com/Passwords) using the [PwnedPasswordsDownloader tool](https://github.com/HaveIBeenPwned/PwnedPasswordsDownloader). > Be aware that it takes some time to upload all risk passwords. This step can be omitted and postponed to later. -The risk passwords are uploaded as bulk which has a higher consumption. Please make sure to adjust the Cosmos DB provisioned throughput (e.g. to 20000 RU/s or higher) temporarily. +The risk passwords are uploaded as bulk which has a higher consumption. Please make sure to adjust the Cosmos DB provisioned throughput (e.g. to 4000 RU/s or higher) temporarily. The throughput can be adjusted in Azure Cosmos DB --> Data Explorer --> Scale & Settings. You can read the number of risk passwords uploaded to FoxIDs in [FoxIDs Control Client](control.md#foxids-control-client) master tenant on the Risk Passwords tap. And you can test if a password is okay or has appeared in breaches. diff --git a/docs/down-party-oidc.md b/docs/down-party-oidc.md index 8ea799fa6..e07e4bf7d 100644 --- a/docs/down-party-oidc.md +++ b/docs/down-party-oidc.md @@ -22,6 +22,10 @@ There can be configured a maximum of 10 secrets per client. FoxIDs support the OpenID Connect [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). +How to guides: + +- Connect two FoxIDs tracks in the same or different tenants with [OpenID connect](howto-oidc-foxids.md) + > It is recommended to use OpenID Connect Authorization Code flow with PKCE, because it is considered a secure flow. ## Require multi-factor authentication (MFA) diff --git a/docs/up-party-howto.md b/docs/howto-connect.md similarity index 65% rename from docs/up-party-howto.md rename to docs/howto-connect.md index afee3c501..0b3e1ca89 100644 --- a/docs/up-party-howto.md +++ b/docs/howto-connect.md @@ -1,23 +1,31 @@ -# Up-party - How to connect Identity Provider (IdP) +# How to connect + +An [IdP is connected](#up-party---how-to-connect-identity-provider-idp) with a [up-party](parties.md#up-party) and an [application or API is connected]() with a [down-party](parties.md#down-party). + +It is possible to interconnect FoxIDs tracks either with a track link or OpenID Connect: + +- Connect two FoxIDs tracks in a tenant with a [track link](howto-tracklink-foxids.md) +- Connect two FoxIDs tracks in the same or different tenants with [OpenID connect](howto-oidc-foxids.md) + +## Up-party - How to connect Identity Provider (IdP) An Identity Provider (IdP) can be connected with an [OpenID Connect up-party](#openid-connect-up-party) or an [SAML 2.0 up-party](#saml-20-up-party). An Identity Provider (IdP) is more precisely called an OpenID Provider (OP) if configured with OpenID Connect. All IdPs supporting either OpenID Connect or SAML 2.0 can be connected to FoxIDs. The following is how to guides for some IdPs, more guides will be added over time. -## OpenID Connect up-party +### OpenID Connect up-party Configure [OpenID Connect up-party](up-party-oidc.md) which trust an external OpenID Provider (OP) - *an Identity Provider (IdP) is called an OpenID Provider (OP) if configured with OpenID Connect*. How to guides: -- Connect [FoxIDs](up-party-howto-oidc-foxids.md) between tracks, optionally in different tenants - Connect [Azure AD](up-party-howto-oidc-azure-ad.md) - Connect [Azure AD B2C](up-party-howto-oidc-azure-ad-b2c.md) - Connect [IdentityServer](up-party-howto-oidc-identityserver.md) - Connect [Signicat](up-party-howto-oidc-signicat.md) - Connect [Nets eID Broker](up-party-howto-oidc-nets-eid-broker.md) -## SAML 2.0 up-party +### SAML 2.0 up-party Configure [SAML 2.0 up-party](up-party-saml-2.0.md) which trust an external SAML 2.0 Identity Provider (IdP). @@ -26,4 +34,7 @@ How to guides: - Connect [AD FS](up-party-howto-saml-2.0-adfs.md) - Connect [PingIdentity / PingOne](up-party-howto-saml-2.0-pingone.md) - Connect [NemLog-in (Danish IdP)](up-party-howto-saml-2.0-nemlogin.md) -- Connect [Context Handler (Danish IdP)](howto-saml-2.0-context-handler.md#up-party---connect-to-context-handler) \ No newline at end of file +- Connect [Context Handler (Danish IdP)](howto-saml-2.0-context-handler.md#up-party---connect-to-context-handler) + +## Up-party - How to connect relying party (RP) +// TODO diff --git a/docs/up-party-howto-oidc-foxids.md b/docs/howto-oidc-foxids.md similarity index 94% rename from docs/up-party-howto-oidc-foxids.md rename to docs/howto-oidc-foxids.md index e099c9e9a..0cc0a8405 100644 --- a/docs/up-party-howto-oidc-foxids.md +++ b/docs/howto-oidc-foxids.md @@ -1,7 +1,9 @@ # Interconnect FoxIDs with OpenID Connect FoxIDs can be connected to another FoxIDs with OpenID Connect and thereby authenticating end users in another FoxIDs track or an external Identity Provider (IdP) configured as an up-party. -FoxIDs tracks can be interconnect in the same FoxIDs tenant or in different FoxIDs tenants. Interconnect can also be configured between FoxIDs tracks in different FoxIDs deployments. +FoxIDs tracks can be interconnect in the same FoxIDs tenant or in different FoxIDs tenants. Interconnections can also be configured between FoxIDs tracks in different FoxIDs deployments. + +> You can easy connect two tracks in the same tenant with a [track link](howto-tracklink-foxids.md). The integration between two FoxIDs tracks support [OpenID Connect authentication](https://openid.net/specs/openid-connect-core-1_0.html#Authentication) (login), [RP-initiated logout](https://openid.net/specs/openid-connect-rpinitiated-1_0.html) and [front-channel logout](https://openid.net/specs/openid-connect-frontchannel-1_0.html). A session is established when the user authenticates and the session is invalidated on logout. diff --git a/docs/howto-saml-2.0-context-handler.md b/docs/howto-saml-2.0-context-handler.md index 49a878b31..5b8005ab5 100644 --- a/docs/howto-saml-2.0-context-handler.md +++ b/docs/howto-saml-2.0-context-handler.md @@ -18,7 +18,7 @@ Context Handler documentation and configuration: Context Handler requires the Relying Party (RP) and Identity Provider (IdP) to use different OSES certificates. Therefore, consider connecting Context Handler in separate tracks where the OCES certificates can be configured without affecting any other configurations. -Two FoxIDs tracks can be connected with OpenID Connect. Please see the [connect FoxIDs with OpenID Connect](up-party-howto-oidc-foxids.md) guide. The track with a up-party connected to Context Handler is called the parallel FoxIDs track in the guide. +Two FoxIDs tracks can be connected with OpenID Connect. Please see the [connect FoxIDs with OpenID Connect](howto-oidc-foxids.md) guide. The track with a up-party connected to Context Handler is called the parallel FoxIDs track in the guide. ## Certificate diff --git a/docs/howto-tracklink-foxids.md b/docs/howto-tracklink-foxids.md new file mode 100644 index 000000000..135626cf9 --- /dev/null +++ b/docs/howto-tracklink-foxids.md @@ -0,0 +1,38 @@ +# Interconnect two FoxIDs tracks with a track link + +FoxIDs tracks in the same tenant can be connected with track links. A track link acts mostly like OpenID Connect but it is simpler to configure and the steps it goes through is faster. +Therefor a login sequence that jumps between tracks will execute faster using a track link competed with using OpenID Connect. But an [OpenID connect connection](howto-oidc-foxids.md) is required if you need to jump between tracks located in different tenants. + +Track links support login, RP-initiated logout and front-channel logout. Furthermore, it is possible to configure [claim and claim transforms](claim.md), logout session and home realm discovery (HRD) like all other connecting up-parties and down-parties. + +## Configure integration + +The following describes how to connect two tracks called `track_x` and `track_y` where `track_y` become an up-party on `track_x`. + +**1 - Start in the `track_x` track by creating a track link in [FoxIDs Control Client](control.md#foxids-control-client)** + +1. Select the Parties tab and then the Up-parties +2. Click Create up-party and then Track link +3. Add the name e.g., `track_y-connection` +4. Add the `track_y` track name +5. Add the down-party name in the `track_y` track e.g., `track_x-connection` +6. Click Create + +![Create track link up-party](images/howto-tracklink-foxids-up-party.png) + +**2 - Then go to the `track_y` track and create a track link in [FoxIDs Control Client](control.md#foxids-control-client)** + +1. Select the Parties tab and then the Down-parties +2. Click Create down-party and then Track link +3. Add the name e.g., `track_x-connection` +4. Add the `track_x` track name +5. Add the up-party name in the `track_x` track e.g., `track_y-connection` +6. Select which up-parties in the `track_y` track the user is allowed to use for authentication +6. Click Create + +![Create track link down-party](images/howto-tracklink-foxids-down-party.png) + +That's it, you are done. + +> Your new up-party `track_y-connection` can now be selected as an allowed up-party in the down-parties in you `track_x` track. +> The down-parties in you `track_x` track can read the claims from your `track_y-connection` up-party. \ No newline at end of file diff --git a/docs/images/configure-login-advanced.png b/docs/images/configure-login-advanced.png index 0f033460e..e029ec4c4 100644 Binary files a/docs/images/configure-login-advanced.png and b/docs/images/configure-login-advanced.png differ diff --git a/docs/images/howto-tracklink-foxids-down-party.png b/docs/images/howto-tracklink-foxids-down-party.png new file mode 100644 index 000000000..926b97504 Binary files /dev/null and b/docs/images/howto-tracklink-foxids-down-party.png differ diff --git a/docs/images/howto-tracklink-foxids-up-party.png b/docs/images/howto-tracklink-foxids-up-party.png new file mode 100644 index 000000000..b933c17a5 Binary files /dev/null and b/docs/images/howto-tracklink-foxids-up-party.png differ diff --git a/docs/login.md b/docs/login.md index 99524409f..4cb40d610 100644 --- a/docs/login.md +++ b/docs/login.md @@ -59,12 +59,12 @@ You can select to require two-factor authentication for all users authenticating ### Configure user session The user sessions lifetime can be changed. The default lifetime is 10 hours. The user session is a sliding session, where the lifetime is extended every time, an application makes a login request until the absolute session lifetime is reached. -It is possible to configure an absolute session lifetime in the advanced settings. +It is possible to configure an absolute session lifetime as well. The user session can be changed to a persistent session which is preserved when the browser is closed and reopened. The user session become a persistent session if either the persistent session lifetime is configured to be grater, then 0. Or the persistent session lifetime unlimited setting is set to on. -> Click `show advanced settings` to see all session settings. +> Click the `User session` tag to see all session settings. ![Configure Login](images/configure-login-session.png) diff --git a/docs/name-title-icon-css.md b/docs/name-title-icon-css.md index f7cee372f..1e79b7bf8 100644 --- a/docs/name-title-icon-css.md +++ b/docs/name-title-icon-css.md @@ -30,7 +30,7 @@ Find the up-party login in [FoxIDs Control Client](control.md#foxids-control-cli ## CSS examples - Change background and add logo text. It is also possible to add a logo image. + Change background and add logo text. body { background: #7c8391; @@ -48,6 +48,16 @@ Find the up-party login in [FoxIDs Control Client](control.md#foxids-control-cli ![Configure background and add logo with CSS](images/configure-login-css-backbround-logo.png) +It is also possible to use a logo image. + + .brand-content-text { + display: none; + } + + .brand-content-icon:before { + content:url('https://some-external-site.com/logo.png'); + } + Add a background image from an external site. body { @@ -61,6 +71,51 @@ Add a background image from an external site. ![Configure background image](images/configure-login-css-backbround-image.png) +Change button and link color, in this example CSS to green. + + label { + color: #a4c700 !important; + } + + .input:focus { + outline: none !important; + border:1px solid #a4c700; + box-shadow: 0 0 10px #a4c700; + } + + .btn-link, .btn-link:hover, a, a:hover { + color: #a4c700; + } + + .btn-primary.disabled, .btn-primary:disabled { + color: #fff; + background-color: #afc44f; + border-color: #afc44f; + } + + .btn-primary, .btn-primary:hover, .btn-primary:active, .btn-primary:focus, .btn-primary:active { + background-color: #a4c700; + border-color: #a4c700; + } + + .btn-primary:not(:disabled):not(.disabled).active, .btn-primary:not(:disabled):not(.disabled):active, .show>.btn-primary.dropdown-toggle { + background-color: #7c9600; + border-color: #7c9600; + } + + .btn-link:not(:disabled):not(.disabled):active, .btn-link:not(:disabled):not(.disabled).active, .show>.btn-link.dropdown-toggle { + color: #a4c700; + } + + .btn:focus, .form-control:focus { + border-color: #a4c700; + box-shadow: 0 0 0 .2rem rgba(64,78,0,.25); + } + + .btn-primary:not(:disabled):not(.disabled).active:focus, .btn-primary:not(:disabled):not(.disabled):active:focus, .show>.btn-primary.dropdown-toggle:focus { + box-shadow: 0 0 0 .2rem rgba(64,78,0,.25); + } + Add information to the login box. div.page-content:before { diff --git a/docs/oidc.md b/docs/oidc.md index a6b11898d..ac1400f1a 100644 --- a/docs/oidc.md +++ b/docs/oidc.md @@ -12,7 +12,8 @@ Configure [up-party OpenID Connect](up-party-oidc.md) which trust an external Op How to guides: -- Connect [FoxIDs](up-party-howto-oidc-foxids.md) +- Connect two FoxIDs tracks in a tenant with a [track link](howto-tracklink-foxids.md) +- Connect two FoxIDs tracks in the same or different tenants with [OpenID connect](howto-oidc-foxids.md) - Connect [Azure AD](up-party-howto-oidc-azure-ad.md) - Connect [Azure AD B2C](up-party-howto-oidc-azure-ad-b2c.md) - Connect [IdentityServer](up-party-howto-oidc-identityserver.md) diff --git a/docs/reverse-proxy.md b/docs/reverse-proxy.md index 108ce31eb..b32e1fca5 100644 --- a/docs/reverse-proxy.md +++ b/docs/reverse-proxy.md @@ -53,7 +53,7 @@ Configuration: - In the Networking section of the App Services. Enable access restriction to only allow traffic from Azure Front Door - Optionally add a Front Door endpoint for both the FoxIDs App Service and the FoxIDs Control App Service test slots - Restrict access to the App Services test slots -- Add the `Settings:TrustProxyHeaders` setting with the value `true` in the FoxIDs App Service (optionally also the test slot) configuration to support [custom domains](custom-domain.md) +- Add the `Settings:TrustProxyHeaders` setting with the value `true` and select Deployment slot setting in the FoxIDs App Service configuration to support [custom domains](custom-domain.md) (optionally also add the setting in the test slot) - Disable Session affinity - Optionally configure WAF policies diff --git a/docs/up-party-howto-saml-2.0-nemlogin.md b/docs/up-party-howto-saml-2.0-nemlogin.md index 2c0ecd311..f91d79a8e 100644 --- a/docs/up-party-howto-saml-2.0-nemlogin.md +++ b/docs/up-party-howto-saml-2.0-nemlogin.md @@ -25,7 +25,7 @@ NemLog-in documentation and configuration: NemLog-in requires the Relying Party (RP) to use a OSES certificate and a high level of logging. Therefore, consider connecting NemLog-in in a separate track where the OCES certificate and log level can be configured without affecting any other configuration. -Two FoxIDs tracks can be connected with OpenID Connect. Please see the [connect FoxIDs with OpenID Connect](up-party-howto-oidc-foxids.md) guide. The track with a up-party connected to NemLog-in is called the parallel FoxIDs track in the guide. +Two FoxIDs tracks can be connected with OpenID Connect. Please see the [connect FoxIDs with OpenID Connect](howto-oidc-foxids.md) guide. The track with a up-party connected to NemLog-in is called the parallel FoxIDs track in the guide. ## Certificate diff --git a/docs/up-party-oidc.md b/docs/up-party-oidc.md index bde326235..603b6db39 100644 --- a/docs/up-party-oidc.md +++ b/docs/up-party-oidc.md @@ -8,7 +8,8 @@ It is possible to configure multiple OpenID Connect up-parties which then can be How to guides: -- Connect [FoxIDs](up-party-howto-oidc-foxids.md) +- Connect two FoxIDs tracks in a tenant with a [track link](howto-tracklink-foxids.md) +- Connect two FoxIDs tracks in the same or different tenants with [OpenID connect](howto-oidc-foxids.md) - Connect [Azure AD](up-party-howto-oidc-azure-ad.md) - Connect [Azure AD B2C](up-party-howto-oidc-azure-ad-b2c.md) - Connect [IdentityServer](up-party-howto-oidc-identityserver.md) diff --git a/docs/Users.md b/docs/users.md similarity index 100% rename from docs/Users.md rename to docs/users.md diff --git a/src/FoxIDs.Control/Controllers/Master/MRiskPasswordFirstController.cs b/src/FoxIDs.Control/Controllers/Master/MRiskPasswordFirstController.cs new file mode 100644 index 000000000..014359fa5 --- /dev/null +++ b/src/FoxIDs.Control/Controllers/Master/MRiskPasswordFirstController.cs @@ -0,0 +1,45 @@ +using FoxIDs.Infrastructure; +using FoxIDs.Models; +using Api = FoxIDs.Models.Api; +using FoxIDs.Repository; +using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.Mvc; +using System.Collections.Generic; +using System.Threading.Tasks; +using AutoMapper; + +namespace FoxIDs.Controllers +{ + public class MRiskPasswordFirstController : MasterApiController + { + private readonly TelemetryScopedLogger logger; + private readonly IMapper mapper; + private readonly IMasterRepository masterRepository; + + public MRiskPasswordFirstController(TelemetryScopedLogger logger, IMapper mapper, IMasterRepository masterRepository) : base(logger) + { + this.logger = logger; + this.mapper = mapper; + this.masterRepository = masterRepository; + } + + /// + /// Get the first 1000 risk password. Can be used query risk passwords before deleting them. + /// + /// Risk passwords. + [ProducesResponseType(typeof(HashSet), StatusCodes.Status200OK)] + [ProducesResponseType(StatusCodes.Status404NotFound)] + public async Task>> GetRiskPasswordFirst() + { + var mRiskPasswords = await masterRepository.GetListAsync(maxItemCount: 1000); + if (mRiskPasswords?.Count > 0) + { + return Ok(mapper.Map>(mRiskPasswords)); + } + else + { + return Ok(); + } + } + } +} diff --git a/src/FoxIDs.Control/Controllers/Parties/GenericPartyApiController.cs b/src/FoxIDs.Control/Controllers/Parties/GenericPartyApiController.cs index 09e1614ff..fa8aff0d7 100644 --- a/src/FoxIDs.Control/Controllers/Parties/GenericPartyApiController.cs +++ b/src/FoxIDs.Control/Controllers/Parties/GenericPartyApiController.cs @@ -8,7 +8,6 @@ using AutoMapper; using System; using FoxIDs.Logic; -using System.Linq; namespace FoxIDs.Controllers { @@ -57,16 +56,16 @@ protected async Task> Get(string name) } } - protected async Task> Post(AParty party, Func> apiModelActionAsync, Func> modelActionAsync) + protected async Task> Post(AParty party, Func> apiModelActionAsync = null, Func> modelActionAsync = null) { try { - if (!await ModelState.TryValidateObjectAsync(party) || !validateGenericPartyLogic.ValidateApiModelClaimTransforms(ModelState, party.ClaimTransforms) || !await apiModelActionAsync(party)) return BadRequest(ModelState); + if (!await ModelState.TryValidateObjectAsync(party) || !validateGenericPartyLogic.ValidateApiModelClaimTransforms(ModelState, party.ClaimTransforms) || (apiModelActionAsync != null &&!await apiModelActionAsync(party))) return BadRequest(ModelState); var mParty = mapper.Map(party); if (!(party is Api.IDownParty downParty ? await validateGenericPartyLogic.ValidateModelAllowUpPartiesAsync(ModelState, nameof(downParty.AllowUpPartyNames), mParty as DownParty) : true)) return BadRequest(ModelState); if (!validateGenericPartyLogic.ValidateModelClaimTransforms(ModelState, mParty)) return BadRequest(ModelState); - if (!(await modelActionAsync(party, mParty))) return BadRequest(ModelState); + if (modelActionAsync != null && !await modelActionAsync(party, mParty)) return BadRequest(ModelState); await tenantRepository.CreateAsync(mParty); @@ -97,16 +96,16 @@ protected async Task> Post(AParty party, Func> Put(AParty party, Func> apiModelActionAsync, Func> modelActionAsync) + protected async Task> Put(AParty party, Func> apiModelActionAsync = null, Func> modelActionAsync = null) { try { - if (!await ModelState.TryValidateObjectAsync(party) || !validateGenericPartyLogic.ValidateApiModelClaimTransforms(ModelState, party.ClaimTransforms) || !await apiModelActionAsync(party)) return BadRequest(ModelState); + if (!await ModelState.TryValidateObjectAsync(party) || !validateGenericPartyLogic.ValidateApiModelClaimTransforms(ModelState, party.ClaimTransforms) || (apiModelActionAsync != null && !await apiModelActionAsync(party))) return BadRequest(ModelState); var mParty = mapper.Map(party); if (!(party is Api.IDownParty downParty ? await validateGenericPartyLogic.ValidateModelAllowUpPartiesAsync(ModelState, nameof(downParty.AllowUpPartyNames), mParty as DownParty) : true)) return BadRequest(ModelState); if (!validateGenericPartyLogic.ValidateModelClaimTransforms(ModelState, mParty)) return BadRequest(ModelState); - if (!(await modelActionAsync(party, mParty))) return BadRequest(ModelState); + if (modelActionAsync != null && !await modelActionAsync(party, mParty)) return BadRequest(ModelState); if(party is Api.OidcDownParty) { diff --git a/src/FoxIDs.Control/Controllers/Parties/TTrackLinkDownPartyController.cs b/src/FoxIDs.Control/Controllers/Parties/TTrackLinkDownPartyController.cs new file mode 100644 index 000000000..bb627c109 --- /dev/null +++ b/src/FoxIDs.Control/Controllers/Parties/TTrackLinkDownPartyController.cs @@ -0,0 +1,56 @@ +using FoxIDs.Infrastructure; +using FoxIDs.Models; +using Api = FoxIDs.Models.Api; +using FoxIDs.Repository; +using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.Mvc; +using System.Threading.Tasks; +using AutoMapper; +using FoxIDs.Logic; + +namespace FoxIDs.Controllers +{ + /// + /// Track link down-party API. + /// + public class TTrackLinkDownPartyController : GenericPartyApiController + { + public TTrackLinkDownPartyController(TelemetryScopedLogger logger, IMapper mapper, ITenantRepository tenantRepository, DownPartyCacheLogic downPartyCacheLogic, UpPartyCacheLogic upPartyCacheLogic, DownPartyAllowUpPartiesQueueLogic downPartyAllowUpPartiesQueueLogic, ValidateGenericPartyLogic validateGenericPartyLogic) : base(logger, mapper, tenantRepository, downPartyCacheLogic, upPartyCacheLogic, downPartyAllowUpPartiesQueueLogic, validateGenericPartyLogic) + { } + + /// + /// Get track link down-party. + /// + /// Party name. + /// Track link down-party. + [ProducesResponseType(typeof(Api.TrackLinkDownParty), StatusCodes.Status200OK)] + [ProducesResponseType(StatusCodes.Status404NotFound)] + public async Task> GetTrackLinkDownParty(string name) => await Get(name); + + /// + /// Create track link down-party. + /// + /// Track link down-party. + /// Track link down-party. + [ProducesResponseType(typeof(Api.TrackLinkDownParty), StatusCodes.Status201Created)] + [ProducesResponseType(StatusCodes.Status409Conflict)] + public async Task> PostTrackLinkDownParty([FromBody] Api.TrackLinkDownParty party) => await Post(party); + + /// + /// Update track link down-party. + /// + /// Track link down-party. + /// OIDC down-party. + [ProducesResponseType(typeof(Api.TrackLinkDownParty), StatusCodes.Status200OK)] + [ProducesResponseType(StatusCodes.Status404NotFound)] + public async Task> PutTrackLinkDownParty([FromBody] Api.TrackLinkDownParty party) => await Put(party); + + /// + /// Delete track link down-party. + /// + /// Party name. + [ProducesResponseType(StatusCodes.Status204NoContent)] + [ProducesResponseType(StatusCodes.Status404NotFound)] + public async Task DeleteTrackLinkDownParty(string name) => await Delete(name); + } +} diff --git a/src/FoxIDs.Control/Controllers/Parties/TTrackLinkUpPartyController.cs b/src/FoxIDs.Control/Controllers/Parties/TTrackLinkUpPartyController.cs new file mode 100644 index 000000000..de09166d5 --- /dev/null +++ b/src/FoxIDs.Control/Controllers/Parties/TTrackLinkUpPartyController.cs @@ -0,0 +1,56 @@ +using FoxIDs.Infrastructure; +using FoxIDs.Models; +using Api = FoxIDs.Models.Api; +using FoxIDs.Repository; +using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.Mvc; +using System.Threading.Tasks; +using AutoMapper; +using FoxIDs.Logic; + +namespace FoxIDs.Controllers +{ + /// + /// Track link up-party API. + /// + public class TTrackLinkUpPartyController : GenericPartyApiController + { + public TTrackLinkUpPartyController(TelemetryScopedLogger logger, IMapper mapper, ITenantRepository tenantRepository, DownPartyCacheLogic downPartyCacheLogic, UpPartyCacheLogic upPartyCacheLogic, DownPartyAllowUpPartiesQueueLogic downPartyAllowUpPartiesQueueLogic, ValidateGenericPartyLogic validateGenericPartyLogic) : base(logger, mapper, tenantRepository, downPartyCacheLogic, upPartyCacheLogic, downPartyAllowUpPartiesQueueLogic, validateGenericPartyLogic) + { } + + /// + /// Get track link up-party. + /// + /// Party name. + /// Track link up-party. + [ProducesResponseType(typeof(Api.TrackLinkUpParty), StatusCodes.Status200OK)] + [ProducesResponseType(StatusCodes.Status404NotFound)] + public async Task> GetTrackLinkUpParty(string name) => await Get(name); + + /// + /// Create track link up-party. + /// + /// Track link up-party. + /// Track link up-party. + [ProducesResponseType(typeof(Api.TrackLinkUpParty), StatusCodes.Status201Created)] + [ProducesResponseType(StatusCodes.Status409Conflict)] + public async Task> PostTrackLinkUpParty([FromBody] Api.TrackLinkUpParty party) => await Post(party); + + /// + /// Update track link up-party. + /// + /// Track link up-party. + /// Track link up-party. + [ProducesResponseType(typeof(Api.TrackLinkUpParty), StatusCodes.Status200OK)] + [ProducesResponseType(StatusCodes.Status404NotFound)] + public async Task> PutTrackLinkUpParty([FromBody] Api.TrackLinkUpParty party) => await Put(party); + + /// + /// Delete track link up-party. + /// + /// Party name. + [ProducesResponseType(StatusCodes.Status204NoContent)] + [ProducesResponseType(StatusCodes.Status404NotFound)] + public async Task DeleteTrackLinkUpParty(string name) => await Delete(name); + } +} diff --git a/src/FoxIDs.Control/FoxIDs.Control.csproj b/src/FoxIDs.Control/FoxIDs.Control.csproj index e3394f650..9ebc09df6 100644 --- a/src/FoxIDs.Control/FoxIDs.Control.csproj +++ b/src/FoxIDs.Control/FoxIDs.Control.csproj @@ -2,7 +2,7 @@ net7.0 - 1.0.14.5 + 1.0.15.3 FoxIDs Anders Revsgaard ITfoxtec @@ -21,13 +21,13 @@ - - + + - - - + + + diff --git a/src/FoxIDs.Control/Infrastructure/Security/JwtBearerMultipleTenantsHandler.cs b/src/FoxIDs.Control/Infrastructure/Security/JwtBearerMultipleTenantsHandler.cs index 5155a4127..3e7231023 100644 --- a/src/FoxIDs.Control/Infrastructure/Security/JwtBearerMultipleTenantsHandler.cs +++ b/src/FoxIDs.Control/Infrastructure/Security/JwtBearerMultipleTenantsHandler.cs @@ -8,7 +8,7 @@ using System.Security.Authentication; using System.Text.Encodings.Web; using System.Threading.Tasks; -using UrlCombineLib; +using ITfoxtec.Identity.Util; using ITfoxtec.Identity.Tokens; using Microsoft.IdentityModel.Tokens; using System.Security.Claims; diff --git a/src/FoxIDs.Control/Logic/ValidateLoginPartyLogic.cs b/src/FoxIDs.Control/Logic/ValidateLoginPartyLogic.cs index 97c8b1dd0..a50bffa28 100644 --- a/src/FoxIDs.Control/Logic/ValidateLoginPartyLogic.cs +++ b/src/FoxIDs.Control/Logic/ValidateLoginPartyLogic.cs @@ -5,6 +5,9 @@ using Microsoft.AspNetCore.Mvc.ModelBinding; using System.ComponentModel.DataAnnotations; using System.IO; +using System.Linq; +using System.Collections.Generic; +using FoxIDs.Models; namespace FoxIDs.Logic { @@ -45,7 +48,7 @@ public bool ValidateApiModel(ModelStateDictionary modelState, Api.LoginUpParty p { isValid = false; logger.Warning(vex); - modelState.TryAddModelError($"{nameof(Api.LoginUpParty.IconUrl)}".ToCamelCase(), vex.Message); + modelState.TryAddModelError(nameof(Api.LoginUpParty.IconUrl).ToCamelCase(), vex.Message); } } @@ -54,6 +57,83 @@ public bool ValidateApiModel(ModelStateDictionary modelState, Api.LoginUpParty p party.TwoFactorAppName = RouteBinding.TenantName; } + if (party.CreateUser != null) + { + if (!party.EnableCreateUser || party.CreateUser.Elements?.Any() != true) + { + party.CreateUser = null; + } + else + { + if (!ValidateApiModelCreateUserElements(modelState, party.CreateUser.Elements)) + { + isValid = false; + } + + if (!ValidateApiModelCreateUserClaimTransforms(modelState, party.CreateUser.ClaimTransforms)) + { + isValid = false; + } + } + } + + return isValid; + } + + public bool ValidateApiModelCreateUserElements(ModelStateDictionary modelState, List createUserElements) + { + var isValid = true; + try + { + if (createUserElements?.Count() > 0) + { + var duplicatedOrderNumber = createUserElements.GroupBy(ct => ct.Order as int?).Where(g => g.Count() > 1).Select(g => g.Key).FirstOrDefault(); + if (duplicatedOrderNumber >= 0) + { + throw new ValidationException($"Duplicated create user dynamic element order number '{duplicatedOrderNumber}'"); + } + + if (createUserElements.Where(e => e.Type == Api.DynamicElementTypes.EmailAndPassword).Count() != 1) + { + throw new ValidationException("Exactly one create user dynamic element of type EmailAndPassword is required."); + } + + var duplicatedElementType = createUserElements.GroupBy(ct => ct.Type).Where(g => g.Count() > 1).Select(g => g.Key).FirstOrDefault(); + if (duplicatedElementType > 0) + { + throw new ValidationException($"Duplicated create user dynamic element type '{duplicatedElementType}'"); + } + } + } + catch (ValidationException vex) + { + isValid = false; + logger.Warning(vex); + modelState.TryAddModelError(nameof(Api.LoginUpParty.CreateUser.Elements).ToCamelCase(), vex.Message); + } + return isValid; + } + + public bool ValidateApiModelCreateUserClaimTransforms(ModelStateDictionary modelState, List claimTransforms) + { + var isValid = true; + try + { + if (claimTransforms?.Count() > 0) + { + var duplicatedOrderNumber = claimTransforms.GroupBy(ct => ct.Order as int?).Where(g => g.Count() > 1).Select(g => g.Key).FirstOrDefault(); + if (duplicatedOrderNumber >= 0) + { + throw new ValidationException($"Duplicated create user claim transform order number '{duplicatedOrderNumber}'"); + } + } + } + catch (ValidationException vex) + { + isValid = false; + logger.Warning(vex); + modelState.TryAddModelError(nameof(Api.LoginUpParty.CreateUser.ClaimTransforms).ToCamelCase(), vex.Message); + } return isValid; } } diff --git a/src/FoxIDs.Control/MappingProfiles/MasterMappingProfile.cs b/src/FoxIDs.Control/MappingProfiles/MasterMappingProfile.cs index 8a9874c24..6671918a4 100644 --- a/src/FoxIDs.Control/MappingProfiles/MasterMappingProfile.cs +++ b/src/FoxIDs.Control/MappingProfiles/MasterMappingProfile.cs @@ -33,6 +33,7 @@ private void Mapping() .ReverseMap(); CreateMap() + .ForMember(d => d.PasswordSha1Hash, opt => opt.MapFrom(s => s.Id.Substring(s.Id.LastIndexOf(':') + 1))) .ReverseMap(); } } diff --git a/src/FoxIDs.Control/MappingProfiles/TenantMappingProfiles.cs b/src/FoxIDs.Control/MappingProfiles/TenantMappingProfiles.cs index c67070a42..3c36a282b 100644 --- a/src/FoxIDs.Control/MappingProfiles/TenantMappingProfiles.cs +++ b/src/FoxIDs.Control/MappingProfiles/TenantMappingProfiles.cs @@ -69,6 +69,9 @@ private void Mapping() .ForMember(d => d.Action, opt => opt.MapFrom(s => MapAction(s))) .ReverseMap(); + CreateMap() + .ReverseMap(); + CreateMap() .ReverseMap(); @@ -130,6 +133,9 @@ private void UpPartyMapping() .ForMember(d => d.Name, opt => opt.MapFrom(s => s.Name.ToLower())) .ForMember(d => d.Id, opt => opt.MapFrom(s => UpParty.IdFormatAsync(RouteBinding, s.Name.ToLower()).GetAwaiter().GetResult())); + CreateMap() + .ReverseMap(); + CreateMap() .ReverseMap() .ForMember(d => d.Name, opt => opt.MapFrom(s => s.Name.ToLower())) @@ -162,6 +168,12 @@ private void UpPartyMapping() .ForMember(d => d.MetadataNameIdFormats, opt => opt.MapFrom(s => s.MetadataNameIdFormats.OrderBy(f => f))) .ForMember(d => d.MetadataAttributeConsumingServices, opt => opt.MapFrom(s => s.MetadataAttributeConsumingServices.OrderBy(a => a.ServiceName.Name))) .ForMember(d => d.MetadataContactPersons, opt => opt.MapFrom(s => s.MetadataContactPersons.OrderBy(c => c.ContactType))); + + CreateMap() + .ReverseMap() + .ForMember(d => d.Name, opt => opt.MapFrom(s => s.Name.ToLower())) + .ForMember(d => d.Id, opt => opt.MapFrom(s => UpParty.IdFormatAsync(RouteBinding, s.Name.ToLower()).GetAwaiter().GetResult())) + .ForMember(d => d.Claims, opt => opt.MapFrom(s => s.Claims.OrderBy(c => c))); } private void DownPartyMapping() @@ -230,6 +242,14 @@ private void DownPartyMapping() RequestBinding = s.LogoutRequestBinding.HasValue ? (SamlBindingTypes)s.LogoutRequestBinding.Value : SamlBindingTypes.Post, ResponseBinding = s.LogoutResponseBinding.HasValue ? (SamlBindingTypes)s.LogoutResponseBinding.Value : SamlBindingTypes.Post, })); + + CreateMap() + .ForMember(d => d.AllowUpPartyNames, opt => opt.MapFrom(s => s.AllowUpParties.Select(aup => aup.Name))) + .ReverseMap() + .ForMember(d => d.Name, opt => opt.MapFrom(s => s.Name.ToLower())) + .ForMember(d => d.Id, opt => opt.MapFrom(s => DownParty.IdFormatAsync(RouteBinding, s.Name.ToLower()).GetAwaiter().GetResult())) + .ForMember(d => d.ClaimTransforms, opt => opt.MapFrom(s => OrderClaimTransforms(s.ClaimTransforms))) + .ForMember(d => d.AllowUpParties, opt => opt.MapFrom(s => s.AllowUpPartyNames.Select(n => new UpPartyLink { Name = n.ToLower() }))); } private List OrderClaimTransforms(List claimTransforms) where T : Api.ClaimTransform diff --git a/src/FoxIDs.Control/Startup.cs b/src/FoxIDs.Control/Startup.cs index 2d1928f8e..acd8495e3 100644 --- a/src/FoxIDs.Control/Startup.cs +++ b/src/FoxIDs.Control/Startup.cs @@ -48,7 +48,11 @@ public void ConfigureServices(IServiceCollection services) public void Configure(IApplicationBuilder app) { - if (!CurrentEnvironment.IsDevelopment()) + if (CurrentEnvironment.IsDevelopment()) + { + app.UseWebAssemblyDebugging(); + } + else { app.UseHsts(); } diff --git a/src/FoxIDs.ControlClient/FoxIDs.ControlClient.csproj b/src/FoxIDs.ControlClient/FoxIDs.ControlClient.csproj index 94a48fbc8..2a346a51c 100644 --- a/src/FoxIDs.ControlClient/FoxIDs.ControlClient.csproj +++ b/src/FoxIDs.ControlClient/FoxIDs.ControlClient.csproj @@ -2,7 +2,7 @@ net7.0 - 1.0.14.5 + 1.0.15.3 FoxIDs.Client Anders Revsgaard ITfoxtec @@ -10,11 +10,11 @@ - + - - + + @@ -23,9 +23,6 @@ - - true - true PreserveNewest diff --git a/src/FoxIDs.ControlClient/Models/LoginTabTypes.cs b/src/FoxIDs.ControlClient/Models/LoginTabTypes.cs index 6b0b13c54..232272532 100644 --- a/src/FoxIDs.ControlClient/Models/LoginTabTypes.cs +++ b/src/FoxIDs.ControlClient/Models/LoginTabTypes.cs @@ -4,6 +4,7 @@ public enum LoginTabTypes { Login, ClaimsTransform, + CreateUser, Session, Hrd } diff --git a/src/FoxIDs.ControlClient/Models/TrackLinkTabTypes.cs b/src/FoxIDs.ControlClient/Models/TrackLinkTabTypes.cs new file mode 100644 index 000000000..43ff4a727 --- /dev/null +++ b/src/FoxIDs.ControlClient/Models/TrackLinkTabTypes.cs @@ -0,0 +1,10 @@ +namespace FoxIDs.Client.Models +{ + public enum TrackLinkTabTypes + { + TrackLink, + Session, + ClaimsTransform, + Hrd + } +} diff --git a/src/FoxIDs.ControlClient/Models/ViewModels/Parties/CreateUserViewModel.cs b/src/FoxIDs.ControlClient/Models/ViewModels/Parties/CreateUserViewModel.cs new file mode 100644 index 000000000..a9e4afcff --- /dev/null +++ b/src/FoxIDs.ControlClient/Models/ViewModels/Parties/CreateUserViewModel.cs @@ -0,0 +1,18 @@ +using FoxIDs.Infrastructure.DataAnnotations; +using FoxIDs.Models.Api; +using System.Collections.Generic; + +namespace FoxIDs.Client.Models.ViewModels +{ + public class CreateUserViewModel : CreateUser, IOAuthClaimTransformViewModel, IDynamicElementsViewModel + { + [Length(Constants.Models.DynamicElements.ElementsMin, Constants.Models.DynamicElements.ElementsMax)] + public new List Elements { get; set; } + + /// + /// Claim transforms. + /// + [Length(Constants.Models.Claim.TransformsMin, Constants.Models.Claim.TransformsMax)] + public new List ClaimTransforms { get; set; } = new List(); + } +} diff --git a/src/FoxIDs.ControlClient/Models/ViewModels/Parties/DynamicElementViewModel.cs b/src/FoxIDs.ControlClient/Models/ViewModels/Parties/DynamicElementViewModel.cs new file mode 100644 index 000000000..f6e345111 --- /dev/null +++ b/src/FoxIDs.ControlClient/Models/ViewModels/Parties/DynamicElementViewModel.cs @@ -0,0 +1,9 @@ +using FoxIDs.Models.Api; + +namespace FoxIDs.Client.Models.ViewModels +{ + public class DynamicElementViewModel : DynamicElement + { + public bool IsStaticRequired { get; set; } + } +} diff --git a/src/FoxIDs.ControlClient/Models/ViewModels/Parties/GeneralLoginUpPartyViewModel.cs b/src/FoxIDs.ControlClient/Models/ViewModels/Parties/GeneralLoginUpPartyViewModel.cs index 6824cb7b3..b1dbaf645 100644 --- a/src/FoxIDs.ControlClient/Models/ViewModels/Parties/GeneralLoginUpPartyViewModel.cs +++ b/src/FoxIDs.ControlClient/Models/ViewModels/Parties/GeneralLoginUpPartyViewModel.cs @@ -17,7 +17,8 @@ public GeneralLoginUpPartyViewModel(UpParty upParty) : base(upParty) public PageEditForm Form { get; set; } public bool ShowLoginTab { get; set; } = true; - public bool ShowClaimTransformTab { get; set; } + public bool ShowClaimTransformTab { get; set; } + public bool ShowCreateUserTab { get; set; } public bool ShowSessionTab { get; set; } public bool ShowHrdTab { get; set; } } diff --git a/src/FoxIDs.ControlClient/Models/ViewModels/Parties/GeneralTrackLinkDownPartyViewModel.cs b/src/FoxIDs.ControlClient/Models/ViewModels/Parties/GeneralTrackLinkDownPartyViewModel.cs new file mode 100644 index 000000000..0974e0393 --- /dev/null +++ b/src/FoxIDs.ControlClient/Models/ViewModels/Parties/GeneralTrackLinkDownPartyViewModel.cs @@ -0,0 +1,21 @@ +using FoxIDs.Client.Shared.Components; +using FoxIDs.Models.Api; + +namespace FoxIDs.Client.Models.ViewModels +{ + public class GeneralTrackLinkDownPartyViewModel : GeneralDownPartyViewModel + { + public GeneralTrackLinkDownPartyViewModel() : base(PartyTypes.TrackLink) + { } + + public GeneralTrackLinkDownPartyViewModel(DownParty downParty) : base(downParty) + { } + + public PageEditForm Form { get; set; } + + public SelectUpParty SelectAllowUpPartyName; + + public bool ShowTrackLinkTab { get; set; } = true; + public bool ShowClaimTransformTab { get; set; } + } +} diff --git a/src/FoxIDs.ControlClient/Models/ViewModels/Parties/GeneralTrackLinkUpPartyViewModel.cs b/src/FoxIDs.ControlClient/Models/ViewModels/Parties/GeneralTrackLinkUpPartyViewModel.cs new file mode 100644 index 000000000..2079b7aa9 --- /dev/null +++ b/src/FoxIDs.ControlClient/Models/ViewModels/Parties/GeneralTrackLinkUpPartyViewModel.cs @@ -0,0 +1,24 @@ +using FoxIDs.Client.Shared.Components; +using FoxIDs.Models.Api; +using System.Collections.Generic; + +namespace FoxIDs.Client.Models.ViewModels +{ + public class GeneralTrackLinkUpPartyViewModel : GeneralUpPartyViewModel + { + public GeneralTrackLinkUpPartyViewModel() : base(PartyTypes.TrackLink) + { } + + public GeneralTrackLinkUpPartyViewModel(UpParty upParty) : base(upParty) + { } + + public PageEditForm Form { get; set; } + + public List KeyInfoList { get; set; } = new List(); + + public bool ShowTrackLinkTab { get; set; } = true; + public bool ShowSessionTab { get; set; } + public bool ShowClaimTransformTab { get; set; } + public bool ShowHrdTab { get; set; } + } +} diff --git a/src/FoxIDs.ControlClient/Models/ViewModels/Parties/IDynamicElementsViewModel.cs b/src/FoxIDs.ControlClient/Models/ViewModels/Parties/IDynamicElementsViewModel.cs new file mode 100644 index 000000000..7f15e82b0 --- /dev/null +++ b/src/FoxIDs.ControlClient/Models/ViewModels/Parties/IDynamicElementsViewModel.cs @@ -0,0 +1,13 @@ +using FoxIDs.Infrastructure.DataAnnotations; +using System.Collections.Generic; +using System.ComponentModel.DataAnnotations; + +namespace FoxIDs.Client.Models.ViewModels +{ + public interface IDynamicElementsViewModel + { + [Length(Constants.Models.DynamicElements.ElementsMin, Constants.Models.DynamicElements.ElementsMax)] + [Display(Name = "Dynamic elements shown in order (use the move up and down arrows to change the order)")] + public List Elements { get; set; } + } +} diff --git a/src/FoxIDs.ControlClient/Models/ViewModels/Parties/LoginUpPartyViewModel.cs b/src/FoxIDs.ControlClient/Models/ViewModels/Parties/LoginUpPartyViewModel.cs index d3d6df381..06ddd0827 100644 --- a/src/FoxIDs.ControlClient/Models/ViewModels/Parties/LoginUpPartyViewModel.cs +++ b/src/FoxIDs.ControlClient/Models/ViewModels/Parties/LoginUpPartyViewModel.cs @@ -128,5 +128,7 @@ public class LoginUpPartyViewModel : IOAuthClaimTransformViewModel, IUpPartySess [RegularExpression(Constants.Models.UpParty.HrdLogoUrlRegExPattern)] [Display(Name = "HRD logo URL")] public string HrdLogoUrl { get; set; } + + public CreateUserViewModel CreateUser { get; set; } = new CreateUserViewModel(); } } diff --git a/src/FoxIDs.ControlClient/Models/ViewModels/Parties/TrackLinkDownPartyViewModel.cs b/src/FoxIDs.ControlClient/Models/ViewModels/Parties/TrackLinkDownPartyViewModel.cs new file mode 100644 index 000000000..a587e27b7 --- /dev/null +++ b/src/FoxIDs.ControlClient/Models/ViewModels/Parties/TrackLinkDownPartyViewModel.cs @@ -0,0 +1,59 @@ +using FoxIDs.Infrastructure.DataAnnotations; +using FoxIDs.Models.Api; +using Newtonsoft.Json; +using System.Collections.Generic; +using System.ComponentModel.DataAnnotations; + +namespace FoxIDs.Client.Models.ViewModels +{ + public class TrackLinkDownPartyViewModel : IDownPartyName, IValidatableObject, IAllowUpPartyNames, IOAuthClaimTransformViewModel + { + [Required] + [MaxLength(Constants.Models.Party.NameLength)] + [RegularExpression(Constants.Models.Party.NameRegExPattern, ErrorMessage = "The field {0} can contain letters, numbers, '-' and '_'.")] + [Display(Name = "Down-party name (client ID / resource name)")] + public string Name { get; set; } + + [MaxLength(Constants.Models.Party.NoteLength)] + [Display(Name = "Your notes")] + public string Note { get; set; } + + [Required] + [MaxLength(Constants.Models.Track.NameLength)] + [RegularExpression(Constants.Models.Track.NameDbRegExPattern)] + [Display(Name = "To track name")] + public string ToUpTrackName { get; set; } + + [Required] + [MaxLength(Constants.Models.Party.NameLength)] + [RegularExpression(Constants.Models.Party.NameRegExPattern)] + [Display(Name = "To up-party name")] + public string ToUpPartyName { get; set; } + + [ValidateComplexType] + [Length(Constants.Models.DownParty.AllowUpPartyNamesMin, Constants.Models.DownParty.AllowUpPartyNamesMax, Constants.Models.Party.NameLength, Constants.Models.Party.NameRegExPattern)] + [Display(Name = "Allow up-party names")] + public List AllowUpPartyNames { get; set; } = new List(); + + [ValidateComplexType] + [Length(Constants.Models.OAuthDownParty.Client.ClaimsMin, Constants.Models.OAuthDownParty.Client.ClaimsMax)] + [Display(Name = "Issue claims (use * to issue all claims)")] + public List Claims { get; set; } + + /// + /// Claim transforms. + /// + [Length(Constants.Models.Claim.TransformsMin, Constants.Models.Claim.TransformsMax)] + public List ClaimTransforms { get; set; } = new List(); + + public IEnumerable Validate(ValidationContext validationContext) + { + var results = new List(); + if (AllowUpPartyNames?.Count <= 0) + { + results.Add(new ValidationResult($"At least one in the field {nameof(AllowUpPartyNames)} is required.", new[] { nameof(AllowUpPartyNames) })); + } + return results; + } + } +} diff --git a/src/FoxIDs.ControlClient/Models/ViewModels/Parties/TrackLinkUpPartyViewModel.cs b/src/FoxIDs.ControlClient/Models/ViewModels/Parties/TrackLinkUpPartyViewModel.cs new file mode 100644 index 000000000..2b8e7cf87 --- /dev/null +++ b/src/FoxIDs.ControlClient/Models/ViewModels/Parties/TrackLinkUpPartyViewModel.cs @@ -0,0 +1,98 @@ +using FoxIDs.Infrastructure.DataAnnotations; +using System.Collections.Generic; +using System.ComponentModel.DataAnnotations; + +namespace FoxIDs.Client.Models.ViewModels +{ + public class TrackLinkUpPartyViewModel : IOAuthClaimTransformViewModel, IUpPartySessionLifetime, IUpPartyHrd + { + [Required] + [MaxLength(Constants.Models.Party.NameLength)] + [RegularExpression(Constants.Models.Party.NameRegExPattern, ErrorMessage = "The field {0} can contain letters, numbers, '-' and '_'.")] + [Display(Name = "Up-party name")] + public string Name { get; set; } + + [MaxLength(Constants.Models.Party.NoteLength)] + [Display(Name = "Your notes")] + public string Note { get; set; } + + [Required] + [MaxLength(Constants.Models.Track.NameLength)] + [RegularExpression(Constants.Models.Track.NameDbRegExPattern)] + [Display(Name = "To track name")] + public string ToDownTrackName { get; set; } + + [Required] + [MaxLength(Constants.Models.Party.NameLength)] + [RegularExpression(Constants.Models.Party.NameRegExPattern)] + [Display(Name = "To down-party name")] + public string ToDownPartyName { get; set; } + + [Length(Constants.Models.TrackLinkDownParty.SelectedUpPartiesMin, Constants.Models.TrackLinkDownParty.SelectedUpPartiesMax, Constants.Models.Party.NameLength, Constants.Models.TrackLinkDownParty.SelectedUpPartiesNameRegExPattern)] + [Display(Name = "Selected up-parties (use * to select all up-parties)")] + public List SelectedUpParties { get; set; } = new List(new[] { "*" }); + + [Length(Constants.Models.OAuthUpParty.Client.ClaimsMin, Constants.Models.OAuthUpParty.Client.ClaimsMax, Constants.Models.Claim.JwtTypeLength, Constants.Models.Claim.JwtTypeWildcardRegExPattern)] + [Display(Name = "Forward claims (use * to carried all claims forward)")] + public List Claims { get; set; } + + /// + /// Claim transforms. + /// + [Length(Constants.Models.Claim.TransformsMin, Constants.Models.Claim.TransformsMax)] + public List ClaimTransforms { get; set; } = new List(); + + + /// + /// Default 10 hours. + /// + [Range(Constants.Models.UpParty.SessionLifetimeMin, Constants.Models.UpParty.SessionLifetimeMax)] + public int SessionLifetime { get; set; } = 36000; + + /// + /// Default 24 hours. + /// + [Range(Constants.Models.UpParty.SessionAbsoluteLifetimeMin, Constants.Models.UpParty.SessionAbsoluteLifetimeMax)] + public int SessionAbsoluteLifetime { get; set; } = 86400; + + /// + /// Default 0 minutes. + /// + [Range(Constants.Models.UpParty.PersistentAbsoluteSessionLifetimeMin, Constants.Models.UpParty.PersistentAbsoluteSessionLifetimeMax)] + public int PersistentSessionAbsoluteLifetime { get; set; } = 0; + + /// + /// Default false. + /// + public bool PersistentSessionLifetimeUnlimited { get; set; } = false; + + [Display(Name = "Single logout")] + public bool EnableSingleLogout { get; set; } = true; + + /// + /// Home realm discovery (HRD) domains. + /// + [Length(Constants.Models.UpParty.HrdDomainMin, Constants.Models.UpParty.HrdDomainMax, Constants.Models.UpParty.HrdDomainLength, Constants.Models.UpParty.HrdDomainRegExPattern)] + [Display(Name = "HRD domains")] + public List HrdDomains { get; set; } + + [Display(Name = "Show HRD button with domain")] + public bool HrdShowButtonWithDomain { get; set; } + + /// + /// Home realm discovery (HRD) display name. + /// + [MaxLength(Constants.Models.UpParty.HrdDisplayNameLength)] + [RegularExpression(Constants.Models.UpParty.HrdDisplayNameRegExPattern)] + [Display(Name = "HRD display name")] + public string HrdDisplayName { get; set; } + + /// + /// Home realm discovery (HRD) logo URL. + /// + [MaxLength(Constants.Models.UpParty.HrdLogoUrlLength)] + [RegularExpression(Constants.Models.UpParty.HrdLogoUrlRegExPattern)] + [Display(Name = "HRD logo URL")] + public string HrdLogoUrl { get; set; } + } +} diff --git a/src/FoxIDs.ControlClient/Models/ViewModels/Tracks/UserViewModel.cs b/src/FoxIDs.ControlClient/Models/ViewModels/Tracks/UserViewModel.cs index c18240e9c..1c10bba31 100644 --- a/src/FoxIDs.ControlClient/Models/ViewModels/Tracks/UserViewModel.cs +++ b/src/FoxIDs.ControlClient/Models/ViewModels/Tracks/UserViewModel.cs @@ -19,7 +19,7 @@ public UserViewModel() [Display(Name = "Email")] public string Email { get; set; } - [Display(Name = "Confirm account")] + [Display(Name = "User must confirm account")] public bool ConfirmAccount { get; set; } [Display(Name = "Email verified")] diff --git a/src/FoxIDs.ControlClient/Pages/ClaimMappings.cs b/src/FoxIDs.ControlClient/Pages/ClaimMappings.cs index f872fee9d..ba0b0c204 100644 --- a/src/FoxIDs.ControlClient/Pages/ClaimMappings.cs +++ b/src/FoxIDs.ControlClient/Pages/ClaimMappings.cs @@ -91,7 +91,7 @@ private async Task OnUpdateClaimMappingValidSubmitAsync(EditContext editContext) try { await TrackService.SaveTrackClaimMappingAsync(trackClaimMappingForm.Model.ClaimMappings); - toastService.ShowSuccess("Claim mappings updated.", "SUCCESS"); + toastService.ShowSuccess("Claim mappings updated."); } catch (Exception ex) { diff --git a/src/FoxIDs.ControlClient/Pages/Components/DownPartyBase.cs b/src/FoxIDs.ControlClient/Pages/Components/DownPartyBase.cs index 694edbfcb..a0c5658be 100644 --- a/src/FoxIDs.ControlClient/Pages/Components/DownPartyBase.cs +++ b/src/FoxIDs.ControlClient/Pages/Components/DownPartyBase.cs @@ -88,6 +88,23 @@ public void ShowSamlTab(GeneralSamlDownPartyViewModel downParty, SamlTabTypes sa } } + public void ShowTrackLinkTab(GeneralTrackLinkDownPartyViewModel downParty, TrackLinkTabTypes trackLinkTabTypes) + { + switch (trackLinkTabTypes) + { + case TrackLinkTabTypes.TrackLink: + downParty.ShowTrackLinkTab = true; + downParty.ShowClaimTransformTab = false; + break; + case TrackLinkTabTypes.ClaimsTransform: + downParty.ShowTrackLinkTab = false; + downParty.ShowClaimTransformTab = true; + break; + default: + throw new NotSupportedException(); + } + } + public void AddAllowUpPartyName((IAllowUpPartyNames model, string upPartyName) arg) { if (!arg.model.AllowUpPartyNames.Where(p => p.Equals(arg.upPartyName, StringComparison.OrdinalIgnoreCase)).Any()) diff --git a/src/FoxIDs.ControlClient/Pages/Components/ELoginUpParty.cs b/src/FoxIDs.ControlClient/Pages/Components/ELoginUpParty.cs index 804430163..cc8f8f053 100644 --- a/src/FoxIDs.ControlClient/Pages/Components/ELoginUpParty.cs +++ b/src/FoxIDs.ControlClient/Pages/Components/ELoginUpParty.cs @@ -63,6 +63,36 @@ private void LoginUpPartyViewModelAfterInit(LoginUpPartyViewModel model) { model.TwoFactorAppName = TenantName; } + if(model.CreateUser.Elements?.Any() != true) + { + model.CreateUser.Elements = new List + { + new DynamicElementViewModel + { + IsStaticRequired = true, + Type = DynamicElementTypes.EmailAndPassword, + Required = true + }, + new DynamicElementViewModel + { + Type = DynamicElementTypes.GivenName + }, + new DynamicElementViewModel + { + Type = DynamicElementTypes.FamilyName + } + }; + } + else + { + foreach(var element in model.CreateUser.Elements) + { + if (element.Type == DynamicElementTypes.EmailAndPassword) + { + element.IsStaticRequired = true; + } + } + } } private async Task OnEditLoginUpPartyValidSubmitAsync(GeneralLoginUpPartyViewModel generalLoginUpParty, EditContext editContext) @@ -95,10 +125,29 @@ private async Task OnEditLoginUpPartyValidSubmitAsync(GeneralLoginUpPartyViewMod claimTransform.Order = order++; } } + if (afterMap.CreateUser != null) + { + if (afterMap.CreateUser.Elements?.Count() > 0) + { + int order = 1; + foreach (var element in afterMap.CreateUser.Elements) + { + element.Order = order++; + } + } + if (afterMap.CreateUser.ClaimTransforms?.Count() > 0) + { + int order = 1; + foreach (var claimTransform in afterMap.CreateUser.ClaimTransforms) + { + claimTransform.Order = order++; + } + } + } })); generalLoginUpParty.Form.UpdateModel(ToViewModel(loginUpPartyResult)); generalLoginUpParty.CreateMode = false; - toastService.ShowSuccess("Login Up-party created.", "SUCCESS"); + toastService.ShowSuccess("Login up-party created."); } else { @@ -115,9 +164,28 @@ private async Task OnEditLoginUpPartyValidSubmitAsync(GeneralLoginUpPartyViewMod claimTransform.Order = order++; } } + if (afterMap.CreateUser != null) + { + if (afterMap.CreateUser.Elements?.Count() > 0) + { + int order = 1; + foreach (var element in afterMap.CreateUser.Elements) + { + element.Order = order++; + } + } + if (afterMap.CreateUser.ClaimTransforms?.Count() > 0) + { + int order = 1; + foreach (var claimTransform in afterMap.CreateUser.ClaimTransforms) + { + claimTransform.Order = order++; + } + } + } })); generalLoginUpParty.Form.UpdateModel(ToViewModel(loginUpParty)); - toastService.ShowSuccess("Login Up-party updated.", "SUCCESS"); + toastService.ShowSuccess("Login up-party updated."); } generalLoginUpParty.Name = generalLoginUpParty.Form.Model.Name; } diff --git a/src/FoxIDs.ControlClient/Pages/Components/ELoginUpParty.razor b/src/FoxIDs.ControlClient/Pages/Components/ELoginUpParty.razor index d6ee8748e..edd813284 100644 --- a/src/FoxIDs.ControlClient/Pages/Components/ELoginUpParty.razor +++ b/src/FoxIDs.ControlClient/Pages/Components/ELoginUpParty.razor @@ -1,7 +1,7 @@ @inherits UpPartyBase @{ - var loginUpParty = UpParty as GeneralLoginUpPartyViewModel; ; + var loginUpParty = UpParty as GeneralLoginUpPartyViewModel; } @@ -49,6 +49,17 @@ } +
  • + @if (loginUpParty.ShowCreateUserTab) + { + Create user + } + else + { + + } +
    • +
  • @if (loginUpParty.ShowSessionTab) { @@ -96,6 +107,13 @@ { } + else if (loginUpParty.ShowCreateUserTab) + { + + + + + } else if (loginUpParty.ShowSessionTab) { diff --git a/src/FoxIDs.ControlClient/Pages/Components/EOAuthDownParty.cs b/src/FoxIDs.ControlClient/Pages/Components/EOAuthDownParty.cs index 3e07cac60..a0840ec3d 100644 --- a/src/FoxIDs.ControlClient/Pages/Components/EOAuthDownParty.cs +++ b/src/FoxIDs.ControlClient/Pages/Components/EOAuthDownParty.cs @@ -238,11 +238,11 @@ private async Task OnEditOAuthDownPartyValidSubmitAsync(GeneralOAuthDownPartyVie if (generalOAuthDownParty.CreateMode) { generalOAuthDownParty.CreateMode = false; - toastService.ShowSuccess("OAuth Down-party created.", "SUCCESS"); + toastService.ShowSuccess("OAuth down-party created."); } else { - toastService.ShowSuccess("OAuth Down-party updated.", "SUCCESS"); + toastService.ShowSuccess("OAuth down-party updated."); } generalOAuthDownParty.Name = generalOAuthDownParty.Form.Model.Name; } diff --git a/src/FoxIDs.ControlClient/Pages/Components/EOAuthDownParty.razor b/src/FoxIDs.ControlClient/Pages/Components/EOAuthDownParty.razor index 9a5321035..0c13fd9e0 100644 --- a/src/FoxIDs.ControlClient/Pages/Components/EOAuthDownParty.razor +++ b/src/FoxIDs.ControlClient/Pages/Components/EOAuthDownParty.razor @@ -42,15 +42,6 @@
    OIDC Discovery:
    } - @if (DownParty.ShowAdvanced) - { - - - - - - } - @if (oauthDownParty.EnableClientTab && oauthDownParty.EnableResourceTab) {
    @@ -65,6 +56,15 @@ } + @if (DownParty.ShowAdvanced) + { + + + + + + } +
    • @if (oauthDownParty.EnableClientTab) diff --git a/src/FoxIDs.ControlClient/Pages/Components/EOidcDownParty.cs b/src/FoxIDs.ControlClient/Pages/Components/EOidcDownParty.cs index 26508bd7f..2322f6756 100644 --- a/src/FoxIDs.ControlClient/Pages/Components/EOidcDownParty.cs +++ b/src/FoxIDs.ControlClient/Pages/Components/EOidcDownParty.cs @@ -233,11 +233,11 @@ private async Task OnEditOidcDownPartyValidSubmitAsync(GeneralOidcDownPartyViewM if (generalOidcDownParty.CreateMode) { generalOidcDownParty.CreateMode = false; - toastService.ShowSuccess("OpenID Connect Down-party created.", "SUCCESS"); + toastService.ShowSuccess("OpenID Connect down-party created."); } else { - toastService.ShowSuccess("OpenID Connect Down-party updated.", "SUCCESS"); + toastService.ShowSuccess("OpenID Connect down-party updated."); } generalOidcDownParty.Name = generalOidcDownParty.Form.Model.Name; } diff --git a/src/FoxIDs.ControlClient/Pages/Components/EOidcUpParty.cs b/src/FoxIDs.ControlClient/Pages/Components/EOidcUpParty.cs index 68ff9726d..52d6cfbe2 100644 --- a/src/FoxIDs.ControlClient/Pages/Components/EOidcUpParty.cs +++ b/src/FoxIDs.ControlClient/Pages/Components/EOidcUpParty.cs @@ -148,13 +148,13 @@ private async Task OnEditOidcUpPartyValidSubmitAsync(GeneralOidcUpPartyViewModel var oidcUpPartyResult = await UpPartyService.CreateOidcUpPartyAsync(oidcUpParty); generalOidcUpParty.Form.UpdateModel(ToViewModel(generalOidcUpParty, oidcUpPartyResult)); generalOidcUpParty.CreateMode = false; - toastService.ShowSuccess("OpenID Connect Up-party created.", "SUCCESS"); + toastService.ShowSuccess("OpenID Connect up-party created."); } else { var oidcUpPartyResult = await UpPartyService.UpdateOidcUpPartyAsync(oidcUpParty); generalOidcUpParty.Form.UpdateModel(ToViewModel(generalOidcUpParty, oidcUpPartyResult)); - toastService.ShowSuccess("OpenID Connect Up-party updated.", "SUCCESS"); + toastService.ShowSuccess("OpenID Connect up-party updated."); } generalOidcUpParty.Name = generalOidcUpParty.Form.Model.Name; diff --git a/src/FoxIDs.ControlClient/Pages/Components/ESamlDownParty.cs b/src/FoxIDs.ControlClient/Pages/Components/ESamlDownParty.cs index af4ece506..4e95b23f3 100644 --- a/src/FoxIDs.ControlClient/Pages/Components/ESamlDownParty.cs +++ b/src/FoxIDs.ControlClient/Pages/Components/ESamlDownParty.cs @@ -250,13 +250,13 @@ private async Task OnEditSamlDownPartyValidSubmitAsync(GeneralSamlDownPartyViewM var samlDownPartyResult = await DownPartyService.CreateSamlDownPartyAsync(samlDownParty); generalSamlDownParty.Form.UpdateModel(ToViewModel(generalSamlDownParty, samlDownPartyResult)); generalSamlDownParty.CreateMode = false; - toastService.ShowSuccess("SAML 2.0 Down-party created.", "SUCCESS"); + toastService.ShowSuccess("SAML 2.0 down-party created."); } else { var samlDownPartyResult = await DownPartyService.UpdateSamlDownPartyAsync(samlDownParty); generalSamlDownParty.Form.UpdateModel(ToViewModel(generalSamlDownParty, samlDownPartyResult)); - toastService.ShowSuccess("SAML 2.0 Down-party updated.", "SUCCESS"); + toastService.ShowSuccess("SAML 2.0 down-party updated."); } generalSamlDownParty.Name = generalSamlDownParty.Form.Model.Name; } diff --git a/src/FoxIDs.ControlClient/Pages/Components/ESamlUpParty.cs b/src/FoxIDs.ControlClient/Pages/Components/ESamlUpParty.cs index 8f139eb4a..0786d1f3e 100644 --- a/src/FoxIDs.ControlClient/Pages/Components/ESamlUpParty.cs +++ b/src/FoxIDs.ControlClient/Pages/Components/ESamlUpParty.cs @@ -12,7 +12,6 @@ using ITfoxtec.Identity; using System.IO; using BlazorInputFile; -using System.Security.Claims; using Microsoft.AspNetCore.Components; using Tewr.Blazor.FileReader; using System.Text; @@ -295,13 +294,13 @@ private async Task OnEditSamlUpPartyValidSubmitAsync(GeneralSamlUpPartyViewModel var samlUpPartyResult = await UpPartyService.CreateSamlUpPartyAsync(samlUpParty); generalSamlUpParty.Form.UpdateModel(ToViewModel(generalSamlUpParty, samlUpPartyResult)); generalSamlUpParty.CreateMode = false; - toastService.ShowSuccess("SAML 2.0 Up-party created.", "SUCCESS"); + toastService.ShowSuccess("SAML 2.0 up-party created."); } else { var samlUpPartyResult = await UpPartyService.UpdateSamlUpPartyAsync(samlUpParty); generalSamlUpParty.Form.UpdateModel(ToViewModel(generalSamlUpParty, samlUpPartyResult)); - toastService.ShowSuccess("SAML 2.0 Up-party updated.", "SUCCESS"); + toastService.ShowSuccess("SAML 2.0 up-party updated."); } generalSamlUpParty.Name = generalSamlUpParty.Form.Model.Name; } diff --git a/src/FoxIDs.ControlClient/Pages/Components/ETrackLinkDownParty.cs b/src/FoxIDs.ControlClient/Pages/Components/ETrackLinkDownParty.cs new file mode 100644 index 000000000..3ca03c72c --- /dev/null +++ b/src/FoxIDs.ControlClient/Pages/Components/ETrackLinkDownParty.cs @@ -0,0 +1,159 @@ +using FoxIDs.Client.Models.ViewModels; +using System; +using System.Collections.Generic; +using System.Linq; +using System.Threading.Tasks; +using FoxIDs.Infrastructure; +using FoxIDs.Models.Api; +using FoxIDs.Client.Services; +using Microsoft.AspNetCore.Components.Forms; +using ITfoxtec.Identity.BlazorWebAssembly.OpenidConnect; +using FoxIDs.Client.Infrastructure.Security; +using Microsoft.AspNetCore.Components.Web; +using ITfoxtec.Identity; +using System.Net.Http; + +namespace FoxIDs.Client.Pages.Components +{ + public partial class ETrackLinkDownParty : DownPartyBase + { + protected override async Task OnInitializedAsync() + { + await base.OnInitializedAsync(); + if (!DownParty.CreateMode) + { + await DefaultLoadAsync(); + } + } + + private async Task DefaultLoadAsync() + { + try + { + var generalTrackLinkDownParty = DownParty as GeneralTrackLinkDownPartyViewModel; + var trackLinkDownParty = await DownPartyService.GetTrackLinkDownPartyAsync(DownParty.Name); + await generalTrackLinkDownParty.Form.InitAsync(ToViewModel(trackLinkDownParty)); + } + catch (TokenUnavailableException) + { + await (OpenidConnectPkce as TenantOpenidConnectPkce).TenantLoginAsync(); + } + catch (HttpRequestException ex) + { + DownParty.Error = ex.Message; + } + } + + private TrackLinkDownPartyViewModel ToViewModel(TrackLinkDownParty trackLinkDownParty) + { + return trackLinkDownParty.Map(afterMap => + { + if (afterMap.ClaimTransforms?.Count > 0) + { + afterMap.ClaimTransforms = afterMap.ClaimTransforms.MapClaimTransforms(); + } + }); + } + + private void TrackLinkDownPartyViewModelAfterInit(GeneralTrackLinkDownPartyViewModel trackLinkDownParty, TrackLinkDownPartyViewModel model) + { + if (trackLinkDownParty.CreateMode) + { + model.Claims = new List + { + new OAuthDownClaim { Claim = "*" } + }; + } + } + + private void AddTrackLinkClaim(MouseEventArgs e, List claims) + { + claims.Add(new OAuthDownClaim()); + } + + private void RemoveTrackLinkClaim(MouseEventArgs e, List claims, OAuthDownClaim removeClaim) + { + claims.Remove(removeClaim); + } + + private async Task OnEditTrackLinkDownPartyValidSubmitAsync(GeneralTrackLinkDownPartyViewModel generalTrackLinkDownParty, EditContext editContext) + { + try + { + if(generalTrackLinkDownParty.Form.Model.ClaimTransforms?.Count() > 0) + { + foreach (var claimTransform in generalTrackLinkDownParty.Form.Model.ClaimTransforms) + { + if (claimTransform is OAuthClaimTransformClaimInViewModel claimTransformClaimIn && !claimTransformClaimIn.ClaimIn.IsNullOrWhiteSpace()) + { + claimTransform.ClaimsIn = new List { claimTransformClaimIn.ClaimIn }; + } + } + } + + var trackLinkDownParty = generalTrackLinkDownParty.Form.Model.Map(afterMap: afterMap => + { + if (afterMap.ClaimTransforms?.Count() > 0) + { + int order = 1; + foreach (var claimTransform in afterMap.ClaimTransforms) + { + claimTransform.Order = order++; + } + } + }); + + TrackLinkDownParty trackLinkDownPartyResult; + if (generalTrackLinkDownParty.CreateMode) + { + trackLinkDownPartyResult = await DownPartyService.CreateTrackLinkDownPartyAsync(trackLinkDownParty); + } + else + { + trackLinkDownPartyResult = await DownPartyService.UpdateTrackLinkDownPartyAsync(trackLinkDownParty); + } + + generalTrackLinkDownParty.Form.UpdateModel(ToViewModel(trackLinkDownPartyResult)); + if (generalTrackLinkDownParty.CreateMode) + { + generalTrackLinkDownParty.CreateMode = false; + toastService.ShowSuccess("Track link down-party created."); + } + else + { + toastService.ShowSuccess("Track link down-party updated."); + } + generalTrackLinkDownParty.Name = generalTrackLinkDownParty.Form.Model.Name; + } + catch (FoxIDsApiException ex) + { + if (ex.StatusCode == System.Net.HttpStatusCode.Conflict) + { + generalTrackLinkDownParty.Form.SetFieldError(nameof(generalTrackLinkDownParty.Form.Model.Name), ex.Message); + } + else + { + throw; + } + } + } + + private async Task DeleteTrackLinkDownPartyAsync(GeneralTrackLinkDownPartyViewModel generalTrackLinkDownParty) + { + try + { + await DownPartyService.DeleteTrackLinkDownPartyAsync(generalTrackLinkDownParty.Name); + DownParties.Remove(generalTrackLinkDownParty); + await OnStateHasChanged.InvokeAsync(DownParty); + } + catch (TokenUnavailableException) + { + await (OpenidConnectPkce as TenantOpenidConnectPkce).TenantLoginAsync(); + } + catch (Exception ex) + { + generalTrackLinkDownParty.Form.SetError(ex.Message); + } + } + } +} diff --git a/src/FoxIDs.ControlClient/Pages/Components/ETrackLinkDownParty.razor b/src/FoxIDs.ControlClient/Pages/Components/ETrackLinkDownParty.razor new file mode 100644 index 000000000..03165d450 --- /dev/null +++ b/src/FoxIDs.ControlClient/Pages/Components/ETrackLinkDownParty.razor @@ -0,0 +1,139 @@ +@inherits DownPartyBase + +@{ + var trackLinkDownParty = DownParty as GeneralTrackLinkDownPartyViewModel; +} + + +
      +
      + Track link +
      + +
      +
      + @if (trackLinkDownParty.CreateMode) + { + + } + else + { + + } + + @if (trackLinkDownParty.ShowAdvanced) + { + + } + + + + +
        +
      • + @if (trackLinkDownParty.ShowTrackLinkTab) + { + Track link + } + else + { + + } +
        • +
      • + @if (trackLinkDownParty.ShowClaimTransformTab) + { + Claim transform + } + else + { + + } +
        • +
      + +
      + @if (trackLinkDownParty.ShowTrackLinkTab) + { + + + + + + @if (DownParty.ShowAdvanced) + { +
      +
      + } + } + else if (trackLinkDownParty.ShowClaimTransformTab) + { + + + } +
      +
      + @if (!DownParty.CreateMode && DownParty.DeleteAcknowledge) + { +
      + +
      + } +
      + + @if (!DownParty.CreateMode) + { + + } + + +
      +       \ No newline at end of file diff --git a/src/FoxIDs.ControlClient/Pages/Components/ETrackLinkUpParty.cs b/src/FoxIDs.ControlClient/Pages/Components/ETrackLinkUpParty.cs new file mode 100644 index 000000000..8988c563e --- /dev/null +++ b/src/FoxIDs.ControlClient/Pages/Components/ETrackLinkUpParty.cs @@ -0,0 +1,142 @@ +using FoxIDs.Client.Models.ViewModels; +using System; +using System.Collections.Generic; +using System.Linq; +using System.Threading.Tasks; +using FoxIDs.Infrastructure; +using FoxIDs.Models.Api; +using FoxIDs.Client.Services; +using Microsoft.AspNetCore.Components.Forms; +using ITfoxtec.Identity.BlazorWebAssembly.OpenidConnect; +using FoxIDs.Client.Infrastructure.Security; +using ITfoxtec.Identity; +using System.Net.Http; + +namespace FoxIDs.Client.Pages.Components +{ + public partial class ETrackLinkUpParty : UpPartyBase + { + protected override async Task OnInitializedAsync() + { + await base.OnInitializedAsync(); + if (!UpParty.CreateMode) + { + await DefaultLoadAsync(); + } + } + + private async Task DefaultLoadAsync() + { + try + { + var generalTrackLinkUpParty = UpParty as GeneralTrackLinkUpPartyViewModel; + var trackLinkUpParty = await UpPartyService.GetTrackLinkUpPartyAsync(UpParty.Name); + await generalTrackLinkUpParty.Form.InitAsync(ToViewModel(trackLinkUpParty)); + } + catch (TokenUnavailableException) + { + await (OpenidConnectPkce as TenantOpenidConnectPkce).TenantLoginAsync(); + } + catch (HttpRequestException ex) + { + UpParty.Error = ex.Message; + } + } + + private TrackLinkUpPartyViewModel ToViewModel(TrackLinkUpParty trackLinkUpParty) + { + return trackLinkUpParty.Map(afterMap => + { + afterMap.EnableSingleLogout = !trackLinkUpParty.DisableSingleLogout; + if (afterMap.ClaimTransforms?.Count > 0) + { + afterMap.ClaimTransforms = afterMap.ClaimTransforms.MapClaimTransforms(); + } + }); + } + + private void TrackLinkUpPartyViewModelAfterInit(GeneralTrackLinkUpPartyViewModel trackLinkUpParty, TrackLinkUpPartyViewModel model) + { + if (trackLinkUpParty.CreateMode) + { + model.SelectedUpParties = new List { "*" }; + model.Claims = new List { "*" }; + } + } + + private async Task OnEditTrackLinkUpPartyValidSubmitAsync(GeneralTrackLinkUpPartyViewModel generalTrackLinkUpParty, EditContext editContext) + { + try + { + if(generalTrackLinkUpParty.Form.Model.ClaimTransforms?.Count() > 0) + { + foreach (var claimTransform in generalTrackLinkUpParty.Form.Model.ClaimTransforms) + { + if (claimTransform is OAuthClaimTransformClaimInViewModel claimTransformClaimIn && !claimTransformClaimIn.ClaimIn.IsNullOrWhiteSpace()) + { + claimTransform.ClaimsIn = new List { claimTransformClaimIn.ClaimIn }; + } + } + } + + var trackLinkUpParty = generalTrackLinkUpParty.Form.Model.Map(afterMap: afterMap => + { + afterMap.DisableSingleLogout = !generalTrackLinkUpParty.Form.Model.EnableSingleLogout; + if (afterMap.ClaimTransforms?.Count() > 0) + { + int order = 1; + foreach (var claimTransform in afterMap.ClaimTransforms) + { + claimTransform.Order = order++; + } + } + }); + + if (generalTrackLinkUpParty.CreateMode) + { + var trackLinkUpPartyResult = await UpPartyService.CreateTrackLinkUpPartyAsync(trackLinkUpParty); + generalTrackLinkUpParty.Form.UpdateModel(ToViewModel(trackLinkUpPartyResult)); + generalTrackLinkUpParty.CreateMode = false; + toastService.ShowSuccess("OpenID Connect Up-party created."); + } + else + { + var trackLinkUpPartyResult = await UpPartyService.UpdateTrackLinkUpPartyAsync(trackLinkUpParty); + generalTrackLinkUpParty.Form.UpdateModel(ToViewModel(trackLinkUpPartyResult)); + toastService.ShowSuccess("OpenID Connect Up-party updated."); + } + + generalTrackLinkUpParty.Name = generalTrackLinkUpParty.Form.Model.Name; + } + catch (FoxIDsApiException ex) + { + if (ex.StatusCode == System.Net.HttpStatusCode.Conflict) + { + generalTrackLinkUpParty.Form.SetFieldError(nameof(generalTrackLinkUpParty.Form.Model.Name), ex.Message); + } + else + { + throw; + } + } + } + + private async Task DeleteTrackLinkUpPartyAsync(GeneralTrackLinkUpPartyViewModel generalTrackLinkUpParty) + { + try + { + await UpPartyService.DeleteTrackLinkUpPartyAsync(generalTrackLinkUpParty.Name); + UpParties.Remove(generalTrackLinkUpParty); + await OnStateHasChanged.InvokeAsync(UpParty); + } + catch (TokenUnavailableException) + { + await (OpenidConnectPkce as TenantOpenidConnectPkce).TenantLoginAsync(); + } + catch (Exception ex) + { + generalTrackLinkUpParty.Form.SetError(ex.Message); + } + } + } +} diff --git a/src/FoxIDs.ControlClient/Pages/Components/ETrackLinkUpParty.razor b/src/FoxIDs.ControlClient/Pages/Components/ETrackLinkUpParty.razor new file mode 100644 index 000000000..d3edd0e43 --- /dev/null +++ b/src/FoxIDs.ControlClient/Pages/Components/ETrackLinkUpParty.razor @@ -0,0 +1,129 @@ +@inherits UpPartyBase + +@{ + var trackLinkUpParty = UpParty as GeneralTrackLinkUpPartyViewModel; +} + + +
      +
      + Track link +
      + +
      +
      + @if (trackLinkUpParty.CreateMode) + { + + } + else + { + + } + + @if (trackLinkUpParty.ShowAdvanced) + { + + + } + + + +
        +
      • + @if (trackLinkUpParty.ShowTrackLinkTab) + { + Track link + } + else + { + + } +
        • +
      • + @if (trackLinkUpParty.ShowClaimTransformTab) + { + Claim transform + } + else + { + + } +
        • +
      • + @if (trackLinkUpParty.ShowSessionTab) + { + Logout session + } + else + { + + } +
        • +
      • + @if (trackLinkUpParty.ShowHrdTab) + { + Home Realm Discovery + } + else + { + + } +
        • +
      + +
      + @if (trackLinkUpParty.ShowTrackLinkTab) + { + + + + @if (trackLinkUpParty.ShowAdvanced) + { + + } + } + else if (trackLinkUpParty.ShowClaimTransformTab) + { + + + } + else if (trackLinkUpParty.ShowSessionTab) + { + + } + else if (trackLinkUpParty.ShowHrdTab) + { + + } +
      +
      + @if (!UpParty.CreateMode && UpParty.DeleteAcknowledge) + { +
      + +
      + } +
      + + @if (!UpParty.CreateMode) + { + + } + + +
      +       \ No newline at end of file diff --git a/src/FoxIDs.ControlClient/Pages/Components/UpPartyBase.cs b/src/FoxIDs.ControlClient/Pages/Components/UpPartyBase.cs index 2e1dd3252..1c9ad2cb7 100644 --- a/src/FoxIDs.ControlClient/Pages/Components/UpPartyBase.cs +++ b/src/FoxIDs.ControlClient/Pages/Components/UpPartyBase.cs @@ -53,24 +53,35 @@ public void ShowLoginTab(GeneralLoginUpPartyViewModel upParty, LoginTabTypes sam case LoginTabTypes.Login: upParty.ShowLoginTab = true; upParty.ShowClaimTransformTab = false; + upParty.ShowCreateUserTab = false; upParty.ShowSessionTab = false; upParty.ShowHrdTab = false; break; case LoginTabTypes.ClaimsTransform: upParty.ShowLoginTab = false; upParty.ShowClaimTransformTab = true; + upParty.ShowCreateUserTab = false; + upParty.ShowSessionTab = false; + upParty.ShowHrdTab = false; + break; + case LoginTabTypes.CreateUser: + upParty.ShowLoginTab = false; + upParty.ShowClaimTransformTab = false; + upParty.ShowCreateUserTab = true; upParty.ShowSessionTab = false; upParty.ShowHrdTab = false; break; case LoginTabTypes.Session: upParty.ShowLoginTab = false; upParty.ShowClaimTransformTab = false; + upParty.ShowCreateUserTab = false; upParty.ShowSessionTab = true; upParty.ShowHrdTab = false; break; case LoginTabTypes.Hrd: upParty.ShowLoginTab = false; upParty.ShowClaimTransformTab = false; + upParty.ShowCreateUserTab = false; upParty.ShowSessionTab = false; upParty.ShowHrdTab = true; break; @@ -145,6 +156,39 @@ public void ShowSamlTab(GeneralSamlUpPartyViewModel upParty, SamlTabTypes samlTa } } + public void ShowTrackLinkTab(GeneralTrackLinkUpPartyViewModel upParty, TrackLinkTabTypes trackLinkTabTypes) + { + switch (trackLinkTabTypes) + { + case TrackLinkTabTypes.TrackLink: + upParty.ShowTrackLinkTab = true; + upParty.ShowClaimTransformTab = false; + upParty.ShowSessionTab = false; + upParty.ShowHrdTab = false; + break; + case TrackLinkTabTypes.ClaimsTransform: + upParty.ShowTrackLinkTab = false; + upParty.ShowClaimTransformTab = true; + upParty.ShowSessionTab = false; + upParty.ShowHrdTab = false; + break; + case TrackLinkTabTypes.Session: + upParty.ShowTrackLinkTab = false; + upParty.ShowClaimTransformTab = false; + upParty.ShowSessionTab = true; + upParty.ShowHrdTab = false; + break; + case TrackLinkTabTypes.Hrd: + upParty.ShowTrackLinkTab = false; + upParty.ShowClaimTransformTab = false; + upParty.ShowSessionTab = false; + upParty.ShowHrdTab = true; + break; + default: + throw new NotSupportedException(); + } + } + public (string, string, string) GetRedirectAndLogoutUrls(string partyName, PartyBindingPatterns partyBindingPattern) { var partyBinding = (partyName.IsNullOrEmpty() ? "--up-party-name--" : partyName.ToLower()).ToUpPartyBinding(partyBindingPattern); diff --git a/src/FoxIDs.ControlClient/Pages/DownParties.cs b/src/FoxIDs.ControlClient/Pages/DownParties.cs index 2700abee5..6497808e3 100644 --- a/src/FoxIDs.ControlClient/Pages/DownParties.cs +++ b/src/FoxIDs.ControlClient/Pages/DownParties.cs @@ -99,6 +99,10 @@ private void SetGeneralDownParties(IEnumerable dataDownParties) { downParties.Add(new GeneralSamlDownPartyViewModel(dp)); } + else if (dp.Type == PartyTypes.TrackLink) + { + downParties.Add(new GeneralTrackLinkDownPartyViewModel(dp)); + } } } @@ -130,6 +134,13 @@ private void ShowCreateDownParty(PartyTypes type, OAuthSubPartyTypes? oauthSubPa samlDownParty.Edit = true; downParties.Add(samlDownParty); } + else if (type == PartyTypes.TrackLink) + { + var trackLinkDownParty = new GeneralTrackLinkDownPartyViewModel(); + trackLinkDownParty.CreateMode = true; + trackLinkDownParty.Edit = true; + downParties.Add(trackLinkDownParty); + } } private void ShowUpdateDownParty(GeneralDownPartyViewModel downParty) @@ -162,7 +173,12 @@ private string DownPartyInfoText(GeneralDownPartyViewModel downParty) else if (downParty.Type == PartyTypes.Saml2) { return $"SAML 2.0 - {downParty.Name}"; + } + else if (downParty.Type == PartyTypes.TrackLink) + { + return $"Track link - {downParty.Name}"; } + throw new NotSupportedException(); } } diff --git a/src/FoxIDs.ControlClient/Pages/DownParties.razor b/src/FoxIDs.ControlClient/Pages/DownParties.razor index 345e42b8b..ae24810d3 100644 --- a/src/FoxIDs.ControlClient/Pages/DownParties.razor +++ b/src/FoxIDs.ControlClient/Pages/DownParties.razor @@ -14,6 +14,8 @@ +
      + @@ -57,6 +59,10 @@ { } + else if (downParty.Type == PartyTypes.TrackLink) + { + + } } else { diff --git a/src/FoxIDs.ControlClient/Pages/LogSettings.cs b/src/FoxIDs.ControlClient/Pages/LogSettings.cs index 622023e9b..543ad4d2d 100644 --- a/src/FoxIDs.ControlClient/Pages/LogSettings.cs +++ b/src/FoxIDs.ControlClient/Pages/LogSettings.cs @@ -105,7 +105,7 @@ private async Task OnUpdateLogSettingsValidSubmitAsync(EditContext editContext) { await TrackService.SaveTrackLogSettingAsync(generalLogSettings.Form.Model); generalLogSettings.Edit = false; - toastService.ShowSuccess("Log settings updated.", "SUCCESS"); + toastService.ShowSuccess("Log settings updated."); } catch (Exception ex) { @@ -214,11 +214,11 @@ private async Task OnEditLogStreamSettingsValidSubmitAsync(GeneralLogStreamSetti updatedgeneralLogStreamSettings.LogStreamSettings = generalLogStreamSettings.Form.Model; if (generalLogStreamSettings.CreateMode) { - toastService.ShowSuccess("Log stream settings created.", "SUCCESS"); + toastService.ShowSuccess("Log stream settings created."); } else { - toastService.ShowSuccess("Log stream settings updated.", "SUCCESS"); + toastService.ShowSuccess("Log stream settings updated."); } generalLogStreamSettings.Edit = false; } diff --git a/src/FoxIDs.ControlClient/Pages/MailSettings.cs b/src/FoxIDs.ControlClient/Pages/MailSettings.cs index 450daa560..b82eef27e 100644 --- a/src/FoxIDs.ControlClient/Pages/MailSettings.cs +++ b/src/FoxIDs.ControlClient/Pages/MailSettings.cs @@ -150,7 +150,7 @@ await TrackService.UpdateTrackSendEmailAsync(new SendEmail { throw new NotImplementedException("Mail provider not implemented."); } - toastService.ShowSuccess("Mail settings updated.", "SUCCESS"); + toastService.ShowSuccess("Mail settings updated."); } catch (Exception ex) { diff --git a/src/FoxIDs.ControlClient/Pages/Plans.cs b/src/FoxIDs.ControlClient/Pages/Plans.cs index 5cc28d72a..2bddb489e 100644 --- a/src/FoxIDs.ControlClient/Pages/Plans.cs +++ b/src/FoxIDs.ControlClient/Pages/Plans.cs @@ -161,13 +161,13 @@ private async Task OnEditPlanValidSubmitAsync(GeneralPlanViewModel generalPlan, var planResult = await PlanService.CreatePlanAsync(generalPlan.Form.Model); generalPlan.Form.UpdateModel(planResult); generalPlan.CreateMode = false; - toastService.ShowSuccess("Plan created.", "SUCCESS"); + toastService.ShowSuccess("Plan created."); } else { var planResult = await PlanService.UpdatePlanAsync(generalPlan.Form.Model); generalPlan.Form.UpdateModel(planResult); - toastService.ShowSuccess("Plan updated.", "SUCCESS"); + toastService.ShowSuccess("Plan updated."); } generalPlan.Name = generalPlan.Form.Model.Name; diff --git a/src/FoxIDs.ControlClient/Pages/TenantSettings.cs b/src/FoxIDs.ControlClient/Pages/TenantSettings.cs index d326f2ca9..d66d98a10 100644 --- a/src/FoxIDs.ControlClient/Pages/TenantSettings.cs +++ b/src/FoxIDs.ControlClient/Pages/TenantSettings.cs @@ -95,7 +95,7 @@ private async Task OnUpdateTenantValidSubmitAsync(EditContext editContext) try { var myTenant = await MyTenantService.UpdateTenantAsync(tenantSettingsForm.Model.Map()); - toastService.ShowSuccess("Tenant settings updated.", "SUCCESS"); + toastService.ShowSuccess("Tenant settings updated."); savedCustomDomain = myTenant.CustomDomain; tenantSettingsForm.Model.CustomDomain = myTenant.CustomDomain; tenantSettingsForm.Model.CustomDomainVerified = myTenant.CustomDomainVerified; diff --git a/src/FoxIDs.ControlClient/Pages/Tenants.cs b/src/FoxIDs.ControlClient/Pages/Tenants.cs index cd0be3d2a..61f02ccdd 100644 --- a/src/FoxIDs.ControlClient/Pages/Tenants.cs +++ b/src/FoxIDs.ControlClient/Pages/Tenants.cs @@ -130,7 +130,7 @@ private async Task OnEditTenantValidSubmitAsync(GeneralTenantViewModel generalTe { var tenantResult = await TenantService.UpdateTenantAsync(generalTenant.Form.Model.Map()); generalTenant.Form.UpdateModel(tenantResult); - toastService.ShowSuccess("Tenant updated.", "SUCCESS"); + toastService.ShowSuccess("Tenant updated."); generalTenant.CustomDomain = generalTenant.Form.Model.CustomDomain; generalTenant.CustomDomainVerified = generalTenant.Form.Model.CustomDomainVerified; diff --git a/src/FoxIDs.ControlClient/Pages/TrackSettings.cs b/src/FoxIDs.ControlClient/Pages/TrackSettings.cs index ae5751f51..f853f21c3 100644 --- a/src/FoxIDs.ControlClient/Pages/TrackSettings.cs +++ b/src/FoxIDs.ControlClient/Pages/TrackSettings.cs @@ -86,7 +86,7 @@ private async Task OnUpdateTrackValidSubmitAsync(EditContext editContext) try { await TrackService.UpdateTrackAsync(trackSettingsForm.Model.Map()); - toastService.ShowSuccess("Track settings updated.", "SUCCESS"); + toastService.ShowSuccess("Track settings updated."); } catch (Exception ex) { diff --git a/src/FoxIDs.ControlClient/Pages/TrackSettings.razor b/src/FoxIDs.ControlClient/Pages/TrackSettings.razor index e228a32ae..467391b92 100644 --- a/src/FoxIDs.ControlClient/Pages/TrackSettings.razor +++ b/src/FoxIDs.ControlClient/Pages/TrackSettings.razor @@ -33,12 +33,20 @@ + +
      +

      User & login settings

      +
      + +
      +

      Iframe settings

      +
      @{var includeAllowIframeOnDomainsLabel = trackSettingsForm.Model.AllowIframeOnDomains?.Count > 0;}
      @@ -56,6 +58,10 @@ { } + else if (upParty.Type == PartyTypes.TrackLink) + { + + } } else { diff --git a/src/FoxIDs.ControlClient/Pages/Users.cs b/src/FoxIDs.ControlClient/Pages/Users.cs index d8f4892e5..ea7e3a1ab 100644 --- a/src/FoxIDs.ControlClient/Pages/Users.cs +++ b/src/FoxIDs.ControlClient/Pages/Users.cs @@ -179,13 +179,13 @@ private async Task OnEditUserValidSubmitAsync(GeneralUserViewModel generalUser, var userResult = await UserService.CreateUserAsync(generalUser.Form.Model.Map(afterMap: afterMap => afterMap.DisableAccount = !generalUser.Form.Model.AccountStatus)); generalUser.Form.UpdateModel(ToViewModel(userResult)); generalUser.CreateMode = false; - toastService.ShowSuccess("User created.", "SUCCESS"); + toastService.ShowSuccess("User created."); } else { var userResult = await UserService.UpdateUserAsync(generalUser.Form.Model.Map(afterMap: afterMap => afterMap.DisableAccount = !generalUser.Form.Model.AccountStatus)); generalUser.Form.UpdateModel(ToViewModel(userResult)); - toastService.ShowSuccess("User updated.", "SUCCESS"); + toastService.ShowSuccess("User updated."); } generalUser.Email = generalUser.Form.Model.Email; diff --git a/src/FoxIDs.ControlClient/Pages/Users.razor b/src/FoxIDs.ControlClient/Pages/Users.razor index fd90e3e89..f3b4ddfa1 100644 --- a/src/FoxIDs.ControlClient/Pages/Users.razor +++ b/src/FoxIDs.ControlClient/Pages/Users.razor @@ -46,9 +46,9 @@ } - + - + diff --git a/src/FoxIDs.ControlClient/Program.cs b/src/FoxIDs.ControlClient/Program.cs index cb50534e9..251f95d7e 100644 --- a/src/FoxIDs.ControlClient/Program.cs +++ b/src/FoxIDs.ControlClient/Program.cs @@ -2,7 +2,6 @@ using Microsoft.AspNetCore.Components.WebAssembly.Hosting; using Microsoft.Extensions.DependencyInjection; using FoxIDs.Client.Infrastructure.Hosting; -using Microsoft.AspNetCore.Components.Web; namespace FoxIDs.Client { diff --git a/src/FoxIDs.ControlClient/Services/DownPartyService.cs b/src/FoxIDs.ControlClient/Services/DownPartyService.cs index bfc3e5a4e..9c5954b62 100644 --- a/src/FoxIDs.ControlClient/Services/DownPartyService.cs +++ b/src/FoxIDs.ControlClient/Services/DownPartyService.cs @@ -14,6 +14,7 @@ public class DownPartyService : BaseService private const string oauthApiUri = "api/{tenant}/{track}/!oauthdownparty"; private const string oauthclientsecretApiUri = "api/{tenant}/{track}/!oauthclientsecretdownparty"; private const string samlApiUri = "api/{tenant}/{track}/!samldownparty"; + private const string trackLinkApiUri = "api/{tenant}/{track}/!tracklinkdownparty"; public DownPartyService(IHttpClientFactory httpClientFactory, RouteBindingLogic routeBindingLogic, TrackSelectedLogic trackSelectedLogic) : base(httpClientFactory, routeBindingLogic, trackSelectedLogic) { } @@ -42,5 +43,10 @@ public DownPartyService(IHttpClientFactory httpClientFactory, RouteBindingLogic public async Task CreateSamlDownPartyAsync(SamlDownParty party) => await PostResponseAsync(samlApiUri, party); public async Task UpdateSamlDownPartyAsync(SamlDownParty party) => await PutResponseAsync(samlApiUri, party); public async Task DeleteSamlDownPartyAsync(string name) => await DeleteAsync(samlApiUri, name); + + public async Task GetTrackLinkDownPartyAsync(string name) => await GetAsync(trackLinkApiUri, name); + public async Task CreateTrackLinkDownPartyAsync(TrackLinkDownParty party) => await PostResponseAsync(trackLinkApiUri, party); + public async Task UpdateTrackLinkDownPartyAsync(TrackLinkDownParty party) => await PutResponseAsync(trackLinkApiUri, party); + public async Task DeleteTrackLinkDownPartyAsync(string name) => await DeleteAsync(trackLinkApiUri, name); } } diff --git a/src/FoxIDs.ControlClient/Services/UpPartyService.cs b/src/FoxIDs.ControlClient/Services/UpPartyService.cs index 159ce2994..baa84d162 100644 --- a/src/FoxIDs.ControlClient/Services/UpPartyService.cs +++ b/src/FoxIDs.ControlClient/Services/UpPartyService.cs @@ -13,6 +13,7 @@ public class UpPartyService : BaseService private const string oidcApiUri = "api/{tenant}/{track}/!oidcupparty"; private const string samlApiUri = "api/{tenant}/{track}/!samlupparty"; private const string samlReadMetadataApiUri = "api/{tenant}/{track}/!samluppartyreadmetadata"; + private const string trackLinkApiUri = "api/{tenant}/{track}/!tracklinkupparty"; public UpPartyService(IHttpClientFactory httpClientFactory, RouteBindingLogic routeBindingLogic, TrackSelectedLogic trackSelectedLogic) : base(httpClientFactory, routeBindingLogic, trackSelectedLogic) { } @@ -35,5 +36,10 @@ public UpPartyService(IHttpClientFactory httpClientFactory, RouteBindingLogic ro public async Task DeleteSamlUpPartyAsync(string name) => await DeleteAsync(samlApiUri, name); public async Task ReadSamlUpPartyMetadataAsync(SamlReadMetadataRequest metadata) => await PostResponseAsync(samlReadMetadataApiUri, metadata); + + public async Task GetTrackLinkUpPartyAsync(string name) => await GetAsync(trackLinkApiUri, name); + public async Task CreateTrackLinkUpPartyAsync(TrackLinkUpParty party) => await PostResponseAsync(trackLinkApiUri, party); + public async Task UpdateTrackLinkUpPartyAsync(TrackLinkUpParty party) => await PutResponseAsync(trackLinkApiUri, party); + public async Task DeleteTrackLinkUpPartyAsync(string name) => await DeleteAsync(trackLinkApiUri, name); } } diff --git a/src/FoxIDs.ControlClient/Shared/Components/DynamicElements.razor b/src/FoxIDs.ControlClient/Shared/Components/DynamicElements.razor new file mode 100644 index 000000000..9035eba73 --- /dev/null +++ b/src/FoxIDs.ControlClient/Shared/Components/DynamicElements.razor @@ -0,0 +1,144 @@ +
      +
      + +@code { + [Parameter] + public IDynamicElementsViewModel Model { get; set; } + + private void AddElement(DynamicElementTypes dynamicElementTypes) + { + switch (dynamicElementTypes) + { + case DynamicElementTypes.EmailAndPassword: + Model.Elements.Add(new DynamicElementViewModel + { + IsStaticRequired = true, + Type = DynamicElementTypes.EmailAndPassword, + Required = true + }); + break; + case DynamicElementTypes.Name: + Model.Elements.Add(new DynamicElementViewModel + { + Type = DynamicElementTypes.Name + }); + break; + case DynamicElementTypes.GivenName: + Model.Elements.Add(new DynamicElementViewModel + { + Type = DynamicElementTypes.GivenName + }); + break; + case DynamicElementTypes.FamilyName: + Model.Elements.Add(new DynamicElementViewModel + { + Type = DynamicElementTypes.FamilyName + }); + break; + + default: + throw new NotSupportedException("Dynamic element type not supported."); + } + } + + private void RemoveElement(DynamicElementViewModel element) + { + Model.Elements.Remove(element); + } + + private void MoveUp(DynamicElementViewModel element) + { + var index = Model.Elements.IndexOf(element); + Model.Elements.RemoveAt(index); + Model.Elements.Insert(--index, element); + StateHasChanged(); + } + + private void MoveDown(DynamicElementViewModel element) + { + var index = Model.Elements.IndexOf(element); + Model.Elements.RemoveAt(index); + Model.Elements.Insert(++index, element); + StateHasChanged(); + } +} diff --git a/src/FoxIDs.ControlClient/Shared/Components/OAuthClaimTransforms.razor b/src/FoxIDs.ControlClient/Shared/Components/OAuthClaimTransforms.razor index 225a012a2..bb58794a3 100644 --- a/src/FoxIDs.ControlClient/Shared/Components/OAuthClaimTransforms.razor +++ b/src/FoxIDs.ControlClient/Shared/Components/OAuthClaimTransforms.razor @@ -281,7 +281,7 @@ break; default: - throw new NotSupportedException("claim transform type not supported."); + throw new NotSupportedException("Claim transform type not supported."); } } diff --git a/src/FoxIDs.ControlClient/Shared/MainLayout.razor b/src/FoxIDs.ControlClient/Shared/MainLayout.razor index 81e0a885f..93c94fff2 100644 --- a/src/FoxIDs.ControlClient/Shared/MainLayout.razor +++ b/src/FoxIDs.ControlClient/Shared/MainLayout.razor @@ -1,6 +1,6 @@ @inherits LayoutComponentBase - +
      diff --git a/src/FoxIDs.ControlClient/wwwroot/index.html b/src/FoxIDs.ControlClient/wwwroot/index.html index 425a65822..5c1944112 100644 --- a/src/FoxIDs.ControlClient/wwwroot/index.html +++ b/src/FoxIDs.ControlClient/wwwroot/index.html @@ -8,7 +8,7 @@ - + @@ -21,6 +21,7 @@ 🗙
      + diff --git a/src/FoxIDs.ControlClient/wwwroot/lib/popper/popper.min.js b/src/FoxIDs.ControlClient/wwwroot/lib/popper/popper.min.js new file mode 100644 index 000000000..bb1aaae3e --- /dev/null +++ b/src/FoxIDs.ControlClient/wwwroot/lib/popper/popper.min.js @@ -0,0 +1,5 @@ +/* + Copyright (C) Federico Zivolo 2020 + Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT). + */(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=e.ownerDocument.defaultView,n=o.getComputedStyle(e,null);return t?n[t]:n}function o(e){return'HTML'===e.nodeName?e:e.parentNode||e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto|scroll|overlay)/.test(r+s+p)?e:n(o(e))}function i(e){return e&&e.referenceNode?e.referenceNode:e}function r(e){return 11===e?re:10===e?pe:re||pe}function p(e){if(!e)return document.documentElement;for(var o=r(10)?document.body:null,n=e.offsetParent||null;n===o&&e.nextElementSibling;)n=(e=e.nextElementSibling).offsetParent;var i=n&&n.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TH','TD','TABLE'].indexOf(n.nodeName)&&'static'===t(n,'position')?p(n):n:e?e.ownerDocument.documentElement:document.documentElement}function s(e){var t=e.nodeName;return'BODY'!==t&&('HTML'===t||p(e.firstElementChild)===e)}function d(e){return null===e.parentNode?e:d(e.parentNode)}function a(e,t){if(!e||!e.nodeType||!t||!t.nodeType)return document.documentElement;var o=e.compareDocumentPosition(t)&Node.DOCUMENT_POSITION_FOLLOWING,n=o?e:t,i=o?t:e,r=document.createRange();r.setStart(n,0),r.setEnd(i,0);var l=r.commonAncestorContainer;if(e!==l&&t!==l||n.contains(i))return s(l)?l:p(l);var f=d(e);return f.host?a(f.host,t):a(e,d(t).host)}function l(e){var t=1=o.clientWidth&&n>=o.clientHeight}),l=0a[e]&&!t.escapeWithReference&&(n=Q(f[o],a[e]-('right'===e?f.width:f.height))),ae({},o,n)}};return l.forEach(function(e){var t=-1===['left','top'].indexOf(e)?'secondary':'primary';f=le({},f,m[t](e))}),e.offsets.popper=f,e},priority:['left','right','top','bottom'],padding:5,boundariesElement:'scrollParent'},keepTogether:{order:400,enabled:!0,fn:function(e){var t=e.offsets,o=t.popper,n=t.reference,i=e.placement.split('-')[0],r=Z,p=-1!==['top','bottom'].indexOf(i),s=p?'right':'bottom',d=p?'left':'top',a=p?'width':'height';return o[s]r(n[s])&&(e.offsets.popper[d]=r(n[s])),e}},arrow:{order:500,enabled:!0,fn:function(e,o){var n;if(!K(e.instance.modifiers,'arrow','keepTogether'))return e;var i=o.element;if('string'==typeof i){if(i=e.instance.popper.querySelector(i),!i)return e;}else if(!e.instance.popper.contains(i))return console.warn('WARNING: `arrow.element` must be child of its popper element!'),e;var r=e.placement.split('-')[0],p=e.offsets,s=p.popper,d=p.reference,a=-1!==['left','right'].indexOf(r),l=a?'height':'width',f=a?'Top':'Left',m=f.toLowerCase(),h=a?'left':'top',c=a?'bottom':'right',u=S(i)[l];d[c]-us[c]&&(e.offsets.popper[m]+=d[m]+u-s[c]),e.offsets.popper=g(e.offsets.popper);var b=d[m]+d[l]/2-u/2,w=t(e.instance.popper),y=parseFloat(w['margin'+f]),E=parseFloat(w['border'+f+'Width']),v=b-e.offsets.popper[m]-y-E;return v=ee(Q(s[l]-u,v),0),e.arrowElement=i,e.offsets.arrow=(n={},ae(n,m,$(v)),ae(n,h,''),n),e},element:'[x-arrow]'},flip:{order:600,enabled:!0,fn:function(e,t){if(W(e.instance.modifiers,'inner'))return e;if(e.flipped&&e.placement===e.originalPlacement)return e;var o=v(e.instance.popper,e.instance.reference,t.padding,t.boundariesElement,e.positionFixed),n=e.placement.split('-')[0],i=T(n),r=e.placement.split('-')[1]||'',p=[];switch(t.behavior){case ce.FLIP:p=[n,i];break;case ce.CLOCKWISE:p=G(n);break;case ce.COUNTERCLOCKWISE:p=G(n,!0);break;default:p=t.behavior;}return p.forEach(function(s,d){if(n!==s||p.length===d+1)return e;n=e.placement.split('-')[0],i=T(n);var a=e.offsets.popper,l=e.offsets.reference,f=Z,m='left'===n&&f(a.right)>f(l.left)||'right'===n&&f(a.left)f(l.top)||'bottom'===n&&f(a.top)f(o.right),g=f(a.top)f(o.bottom),b='left'===n&&h||'right'===n&&c||'top'===n&&g||'bottom'===n&&u,w=-1!==['top','bottom'].indexOf(n),y=!!t.flipVariations&&(w&&'start'===r&&h||w&&'end'===r&&c||!w&&'start'===r&&g||!w&&'end'===r&&u),E=!!t.flipVariationsByContent&&(w&&'start'===r&&c||w&&'end'===r&&h||!w&&'start'===r&&u||!w&&'end'===r&&g),v=y||E;(m||b||v)&&(e.flipped=!0,(m||b)&&(n=p[d+1]),v&&(r=z(r)),e.placement=n+(r?'-'+r:''),e.offsets.popper=le({},e.offsets.popper,C(e.instance.popper,e.offsets.reference,e.placement)),e=P(e.instance.modifiers,e,'flip'))}),e},behavior:'flip',padding:5,boundariesElement:'viewport',flipVariations:!1,flipVariationsByContent:!1},inner:{order:700,enabled:!1,fn:function(e){var t=e.placement,o=t.split('-')[0],n=e.offsets,i=n.popper,r=n.reference,p=-1!==['left','right'].indexOf(o),s=-1===['top','left'].indexOf(o);return i[p?'left':'top']=r[o]-(s?i[p?'width':'height']:0),e.placement=T(t),e.offsets.popper=g(i),e}},hide:{order:800,enabled:!0,fn:function(e){if(!K(e.instance.modifiers,'hide','preventOverflow'))return e;var t=e.offsets.reference,o=D(e.instance.modifiers,function(e){return'preventOverflow'===e.name}).boundaries;if(t.bottomo.right||t.top>o.bottom||t.rightwindow.devicePixelRatio||!fe),c='bottom'===o?'top':'bottom',g='right'===n?'left':'right',b=B('transform');if(d='bottom'==c?'HTML'===l.nodeName?-l.clientHeight+h.bottom:-f.height+h.bottom:h.top,s='right'==g?'HTML'===l.nodeName?-l.clientWidth+h.right:-f.width+h.right:h.left,a&&b)m[b]='translate3d('+s+'px, '+d+'px, 0)',m[c]=0,m[g]=0,m.willChange='transform';else{var w='bottom'==c?-1:1,y='right'==g?-1:1;m[c]=d*w,m[g]=s*y,m.willChange=c+', '+g}var E={"x-placement":e.placement};return e.attributes=le({},E,e.attributes),e.styles=le({},m,e.styles),e.arrowStyles=le({},e.offsets.arrow,e.arrowStyles),e},gpuAcceleration:!0,x:'bottom',y:'right'},applyStyle:{order:900,enabled:!0,fn:function(e){return V(e.instance.popper,e.styles),j(e.instance.popper,e.attributes),e.arrowElement&&Object.keys(e.arrowStyles).length&&V(e.arrowElement,e.arrowStyles),e},onLoad:function(e,t,o,n,i){var r=L(i,t,e,o.positionFixed),p=O(o.placement,r,t,e,o.modifiers.flip.boundariesElement,o.modifiers.flip.padding);return t.setAttribute('x-placement',p),V(t,{position:o.positionFixed?'fixed':'absolute'}),o},gpuAcceleration:void 0}}},ge}); +//# sourceMappingURL=popper.min.js.map diff --git a/src/FoxIDs.ControlClient/wwwroot/lib/popper/popper.min.js.map b/src/FoxIDs.ControlClient/wwwroot/lib/popper/popper.min.js.map new file mode 100644 index 000000000..9423c22a6 --- /dev/null +++ b/src/FoxIDs.ControlClient/wwwroot/lib/popper/popper.min.js.map @@ -0,0 +1 @@ +{"version":3,"file":"popper.min.js","sources":["../../src/utils/isFunction.js","../../src/utils/getStyleComputedProperty.js","../../src/utils/getParentNode.js","../../src/utils/getScrollParent.js","../../src/utils/getReferenceNode.js","../../src/utils/isIE.js","../../src/utils/getOffsetParent.js","../../src/utils/isOffsetContainer.js","../../src/utils/getRoot.js","../../src/utils/findCommonOffsetParent.js","../../src/utils/getScroll.js","../../src/utils/includeScroll.js","../../src/utils/getBordersSize.js","../../src/utils/getWindowSizes.js","../../src/utils/getClientRect.js","../../src/utils/getBoundingClientRect.js","../../src/utils/getOffsetRectRelativeToArbitraryNode.js","../../src/utils/getViewportOffsetRectRelativeToArtbitraryNode.js","../../src/utils/isFixed.js","../../src/utils/getFixedPositionOffsetParent.js","../../src/utils/getBoundaries.js","../../src/utils/computeAutoPlacement.js","../../src/utils/getReferenceOffsets.js","../../src/utils/getOuterSizes.js","../../src/utils/getOppositePlacement.js","../../src/utils/getPopperOffsets.js","../../src/utils/find.js","../../src/utils/findIndex.js","../../src/utils/runModifiers.js","../../src/methods/update.js","../../src/utils/isModifierEnabled.js","../../src/utils/getSupportedPropertyName.js","../../src/methods/destroy.js","../../src/utils/getWindow.js","../../src/utils/setupEventListeners.js","../../src/methods/enableEventListeners.js","../../src/utils/removeEventListeners.js","../../src/methods/disableEventListeners.js","../../src/utils/isNumeric.js","../../src/utils/setStyles.js","../../src/utils/setAttributes.js","../../src/utils/getRoundedOffsets.js","../../src/utils/isModifierRequired.js","../../src/utils/getOppositeVariation.js","../../src/utils/clockwise.js","../../src/modifiers/offset.js","../../src/modifiers/arrow.js","../../src/utils/isBrowser.js","../../src/utils/debounce.js","../../src/modifiers/computeStyle.js","../../src/modifiers/flip.js","../../src/index.js","../../src/methods/defaults.js","../../src/modifiers/index.js","../../src/modifiers/shift.js","../../src/modifiers/preventOverflow.js","../../src/modifiers/keepTogether.js","../../src/modifiers/inner.js","../../src/modifiers/hide.js","../../src/modifiers/applyStyle.js"],"sourcesContent":["/**\n * Check if the given variable is a function\n * @method\n * @memberof Popper.Utils\n * @argument {Any} functionToCheck - variable to check\n * @returns {Boolean} answer to: is a function?\n */\nexport default function isFunction(functionToCheck) {\n const getType = {};\n return (\n functionToCheck &&\n getType.toString.call(functionToCheck) === '[object Function]'\n );\n}\n","/**\n * Get CSS computed property of the given element\n * @method\n * @memberof Popper.Utils\n * @argument {Eement} element\n * @argument {String} property\n */\nexport default function getStyleComputedProperty(element, property) {\n if (element.nodeType !== 1) {\n return [];\n }\n // NOTE: 1 DOM access here\n const window = element.ownerDocument.defaultView;\n const css = window.getComputedStyle(element, null);\n return property ? css[property] : css;\n}\n","/**\n * Returns the parentNode or the host of the element\n * @method\n * @memberof Popper.Utils\n * @argument {Element} element\n * @returns {Element} parent\n */\nexport default function getParentNode(element) {\n if (element.nodeName === 'HTML') {\n return element;\n }\n return element.parentNode || element.host;\n}\n","import getStyleComputedProperty from './getStyleComputedProperty';\nimport getParentNode from './getParentNode';\n\n/**\n * Returns the scrolling parent of the given element\n * @method\n * @memberof Popper.Utils\n * @argument {Element} element\n * @returns {Element} scroll parent\n */\nexport default function getScrollParent(element) {\n // Return body, `getScroll` will take care to get the correct `scrollTop` from it\n if (!element) {\n return document.body\n }\n\n switch (element.nodeName) {\n case 'HTML':\n case 'BODY':\n return element.ownerDocument.body\n case '#document':\n return element.body\n }\n\n // Firefox want us to check `-x` and `-y` variations as well\n const { overflow, overflowX, overflowY } = getStyleComputedProperty(element);\n if (/(auto|scroll|overlay)/.test(overflow + overflowY + overflowX)) {\n return element;\n }\n\n return getScrollParent(getParentNode(element));\n}\n","/**\n * Returns the reference node of the reference object, or the reference object itself.\n * @method\n * @memberof Popper.Utils\n * @param {Element|Object} reference - the reference element (the popper will be relative to this)\n * @returns {Element} parent\n */\nexport default function getReferenceNode(reference) {\n return reference && reference.referenceNode ? reference.referenceNode : reference;\n}\n","import isBrowser from './isBrowser';\n\nconst isIE11 = isBrowser && !!(window.MSInputMethodContext && document.documentMode);\nconst isIE10 = isBrowser && /MSIE 10/.test(navigator.userAgent);\n\n/**\n * Determines if the browser is Internet Explorer\n * @method\n * @memberof Popper.Utils\n * @param {Number} version to check\n * @returns {Boolean} isIE\n */\nexport default function isIE(version) {\n if (version === 11) {\n return isIE11;\n }\n if (version === 10) {\n return isIE10;\n }\n return isIE11 || isIE10;\n}\n","import getStyleComputedProperty from './getStyleComputedProperty';\nimport isIE from './isIE';\n/**\n * Returns the offset parent of the given element\n * @method\n * @memberof Popper.Utils\n * @argument {Element} element\n * @returns {Element} offset parent\n */\nexport default function getOffsetParent(element) {\n if (!element) {\n return document.documentElement;\n }\n\n const noOffsetParent = isIE(10) ? document.body : null;\n\n // NOTE: 1 DOM access here\n let offsetParent = element.offsetParent || null;\n // Skip hidden elements which don't have an offsetParent\n while (offsetParent === noOffsetParent && element.nextElementSibling) {\n offsetParent = (element = element.nextElementSibling).offsetParent;\n }\n\n const nodeName = offsetParent && offsetParent.nodeName;\n\n if (!nodeName || nodeName === 'BODY' || nodeName === 'HTML') {\n return element ? element.ownerDocument.documentElement : document.documentElement;\n }\n\n // .offsetParent will return the closest TH, TD or TABLE in case\n // no offsetParent is present, I hate this job...\n if (\n ['TH', 'TD', 'TABLE'].indexOf(offsetParent.nodeName) !== -1 &&\n getStyleComputedProperty(offsetParent, 'position') === 'static'\n ) {\n return getOffsetParent(offsetParent);\n }\n\n return offsetParent;\n}\n","import getOffsetParent from './getOffsetParent';\n\nexport default function isOffsetContainer(element) {\n const { nodeName } = element;\n if (nodeName === 'BODY') {\n return false;\n }\n return (\n nodeName === 'HTML' || getOffsetParent(element.firstElementChild) === element\n );\n}\n","/**\n * Finds the root node (document, shadowDOM root) of the given element\n * @method\n * @memberof Popper.Utils\n * @argument {Element} node\n * @returns {Element} root node\n */\nexport default function getRoot(node) {\n if (node.parentNode !== null) {\n return getRoot(node.parentNode);\n }\n\n return node;\n}\n","import isOffsetContainer from './isOffsetContainer';\nimport getRoot from './getRoot';\nimport getOffsetParent from './getOffsetParent';\n\n/**\n * Finds the offset parent common to the two provided nodes\n * @method\n * @memberof Popper.Utils\n * @argument {Element} element1\n * @argument {Element} element2\n * @returns {Element} common offset parent\n */\nexport default function findCommonOffsetParent(element1, element2) {\n // This check is needed to avoid errors in case one of the elements isn't defined for any reason\n if (!element1 || !element1.nodeType || !element2 || !element2.nodeType) {\n return document.documentElement;\n }\n\n // Here we make sure to give as \"start\" the element that comes first in the DOM\n const order =\n element1.compareDocumentPosition(element2) &\n Node.DOCUMENT_POSITION_FOLLOWING;\n const start = order ? element1 : element2;\n const end = order ? element2 : element1;\n\n // Get common ancestor container\n const range = document.createRange();\n range.setStart(start, 0);\n range.setEnd(end, 0);\n const { commonAncestorContainer } = range;\n\n // Both nodes are inside #document\n if (\n (element1 !== commonAncestorContainer &&\n element2 !== commonAncestorContainer) ||\n start.contains(end)\n ) {\n if (isOffsetContainer(commonAncestorContainer)) {\n return commonAncestorContainer;\n }\n\n return getOffsetParent(commonAncestorContainer);\n }\n\n // one of the nodes is inside shadowDOM, find which one\n const element1root = getRoot(element1);\n if (element1root.host) {\n return findCommonOffsetParent(element1root.host, element2);\n } else {\n return findCommonOffsetParent(element1, getRoot(element2).host);\n }\n}\n","/**\n * Gets the scroll value of the given element in the given side (top and left)\n * @method\n * @memberof Popper.Utils\n * @argument {Element} element\n * @argument {String} side `top` or `left`\n * @returns {number} amount of scrolled pixels\n */\nexport default function getScroll(element, side = 'top') {\n const upperSide = side === 'top' ? 'scrollTop' : 'scrollLeft';\n const nodeName = element.nodeName;\n\n if (nodeName === 'BODY' || nodeName === 'HTML') {\n const html = element.ownerDocument.documentElement;\n const scrollingElement = element.ownerDocument.scrollingElement || html;\n return scrollingElement[upperSide];\n }\n\n return element[upperSide];\n}\n","import getScroll from './getScroll';\n\n/*\n * Sum or subtract the element scroll values (left and top) from a given rect object\n * @method\n * @memberof Popper.Utils\n * @param {Object} rect - Rect object you want to change\n * @param {HTMLElement} element - The element from the function reads the scroll values\n * @param {Boolean} subtract - set to true if you want to subtract the scroll values\n * @return {Object} rect - The modifier rect object\n */\nexport default function includeScroll(rect, element, subtract = false) {\n const scrollTop = getScroll(element, 'top');\n const scrollLeft = getScroll(element, 'left');\n const modifier = subtract ? -1 : 1;\n rect.top += scrollTop * modifier;\n rect.bottom += scrollTop * modifier;\n rect.left += scrollLeft * modifier;\n rect.right += scrollLeft * modifier;\n return rect;\n}\n","/*\n * Helper to detect borders of a given element\n * @method\n * @memberof Popper.Utils\n * @param {CSSStyleDeclaration} styles\n * Result of `getStyleComputedProperty` on the given element\n * @param {String} axis - `x` or `y`\n * @return {number} borders - The borders size of the given axis\n */\n\nexport default function getBordersSize(styles, axis) {\n const sideA = axis === 'x' ? 'Left' : 'Top';\n const sideB = sideA === 'Left' ? 'Right' : 'Bottom';\n\n return (\n parseFloat(styles[`border${sideA}Width`]) +\n parseFloat(styles[`border${sideB}Width`])\n );\n}\n","import isIE from './isIE';\n\nfunction getSize(axis, body, html, computedStyle) {\n return Math.max(\n body[`offset${axis}`],\n body[`scroll${axis}`],\n html[`client${axis}`],\n html[`offset${axis}`],\n html[`scroll${axis}`],\n isIE(10)\n ? (parseInt(html[`offset${axis}`]) + \n parseInt(computedStyle[`margin${axis === 'Height' ? 'Top' : 'Left'}`]) + \n parseInt(computedStyle[`margin${axis === 'Height' ? 'Bottom' : 'Right'}`]))\n : 0 \n );\n}\n\nexport default function getWindowSizes(document) {\n const body = document.body;\n const html = document.documentElement;\n const computedStyle = isIE(10) && getComputedStyle(html);\n\n return {\n height: getSize('Height', body, html, computedStyle),\n width: getSize('Width', body, html, computedStyle),\n };\n}\n","/**\n * Given element offsets, generate an output similar to getBoundingClientRect\n * @method\n * @memberof Popper.Utils\n * @argument {Object} offsets\n * @returns {Object} ClientRect like output\n */\nexport default function getClientRect(offsets) {\n return {\n ...offsets,\n right: offsets.left + offsets.width,\n bottom: offsets.top + offsets.height,\n };\n}\n","import getStyleComputedProperty from './getStyleComputedProperty';\nimport getBordersSize from './getBordersSize';\nimport getWindowSizes from './getWindowSizes';\nimport getScroll from './getScroll';\nimport getClientRect from './getClientRect';\nimport isIE from './isIE';\n\n/**\n * Get bounding client rect of given element\n * @method\n * @memberof Popper.Utils\n * @param {HTMLElement} element\n * @return {Object} client rect\n */\nexport default function getBoundingClientRect(element) {\n let rect = {};\n\n // IE10 10 FIX: Please, don't ask, the element isn't\n // considered in DOM in some circumstances...\n // This isn't reproducible in IE10 compatibility mode of IE11\n try {\n if (isIE(10)) {\n rect = element.getBoundingClientRect();\n const scrollTop = getScroll(element, 'top');\n const scrollLeft = getScroll(element, 'left');\n rect.top += scrollTop;\n rect.left += scrollLeft;\n rect.bottom += scrollTop;\n rect.right += scrollLeft;\n }\n else {\n rect = element.getBoundingClientRect();\n }\n }\n catch(e){}\n\n const result = {\n left: rect.left,\n top: rect.top,\n width: rect.right - rect.left,\n height: rect.bottom - rect.top,\n };\n\n // subtract scrollbar size from sizes\n const sizes = element.nodeName === 'HTML' ? getWindowSizes(element.ownerDocument) : {};\n const width =\n sizes.width || element.clientWidth || result.width;\n const height =\n sizes.height || element.clientHeight || result.height;\n\n let horizScrollbar = element.offsetWidth - width;\n let vertScrollbar = element.offsetHeight - height;\n\n // if an hypothetical scrollbar is detected, we must be sure it's not a `border`\n // we make this check conditional for performance reasons\n if (horizScrollbar || vertScrollbar) {\n const styles = getStyleComputedProperty(element);\n horizScrollbar -= getBordersSize(styles, 'x');\n vertScrollbar -= getBordersSize(styles, 'y');\n\n result.width -= horizScrollbar;\n result.height -= vertScrollbar;\n }\n\n return getClientRect(result);\n}\n","import getStyleComputedProperty from './getStyleComputedProperty';\nimport includeScroll from './includeScroll';\nimport getScrollParent from './getScrollParent';\nimport getBoundingClientRect from './getBoundingClientRect';\nimport runIsIE from './isIE';\nimport getClientRect from './getClientRect';\n\nexport default function getOffsetRectRelativeToArbitraryNode(children, parent, fixedPosition = false) {\n const isIE10 = runIsIE(10);\n const isHTML = parent.nodeName === 'HTML';\n const childrenRect = getBoundingClientRect(children);\n const parentRect = getBoundingClientRect(parent);\n const scrollParent = getScrollParent(children);\n\n const styles = getStyleComputedProperty(parent);\n const borderTopWidth = parseFloat(styles.borderTopWidth);\n const borderLeftWidth = parseFloat(styles.borderLeftWidth);\n\n // In cases where the parent is fixed, we must ignore negative scroll in offset calc\n if(fixedPosition && isHTML) {\n parentRect.top = Math.max(parentRect.top, 0);\n parentRect.left = Math.max(parentRect.left, 0);\n }\n let offsets = getClientRect({\n top: childrenRect.top - parentRect.top - borderTopWidth,\n left: childrenRect.left - parentRect.left - borderLeftWidth,\n width: childrenRect.width,\n height: childrenRect.height,\n });\n offsets.marginTop = 0;\n offsets.marginLeft = 0;\n\n // Subtract margins of documentElement in case it's being used as parent\n // we do this only on HTML because it's the only element that behaves\n // differently when margins are applied to it. The margins are included in\n // the box of the documentElement, in the other cases not.\n if (!isIE10 && isHTML) {\n const marginTop = parseFloat(styles.marginTop);\n const marginLeft = parseFloat(styles.marginLeft);\n\n offsets.top -= borderTopWidth - marginTop;\n offsets.bottom -= borderTopWidth - marginTop;\n offsets.left -= borderLeftWidth - marginLeft;\n offsets.right -= borderLeftWidth - marginLeft;\n\n // Attach marginTop and marginLeft because in some circumstances we may need them\n offsets.marginTop = marginTop;\n offsets.marginLeft = marginLeft;\n }\n\n if (\n isIE10 && !fixedPosition\n ? parent.contains(scrollParent)\n : parent === scrollParent && scrollParent.nodeName !== 'BODY'\n ) {\n offsets = includeScroll(offsets, parent);\n }\n\n return offsets;\n}\n","import getOffsetRectRelativeToArbitraryNode from './getOffsetRectRelativeToArbitraryNode';\nimport getScroll from './getScroll';\nimport getClientRect from './getClientRect';\n\nexport default function getViewportOffsetRectRelativeToArtbitraryNode(element, excludeScroll = false) {\n const html = element.ownerDocument.documentElement;\n const relativeOffset = getOffsetRectRelativeToArbitraryNode(element, html);\n const width = Math.max(html.clientWidth, window.innerWidth || 0);\n const height = Math.max(html.clientHeight, window.innerHeight || 0);\n\n const scrollTop = !excludeScroll ? getScroll(html) : 0;\n const scrollLeft = !excludeScroll ? getScroll(html, 'left') : 0;\n\n const offset = {\n top: scrollTop - relativeOffset.top + relativeOffset.marginTop,\n left: scrollLeft - relativeOffset.left + relativeOffset.marginLeft,\n width,\n height,\n };\n\n return getClientRect(offset);\n}\n","import getStyleComputedProperty from './getStyleComputedProperty';\nimport getParentNode from './getParentNode';\n\n/**\n * Check if the given element is fixed or is inside a fixed parent\n * @method\n * @memberof Popper.Utils\n * @argument {Element} element\n * @argument {Element} customContainer\n * @returns {Boolean} answer to \"isFixed?\"\n */\nexport default function isFixed(element) {\n const nodeName = element.nodeName;\n if (nodeName === 'BODY' || nodeName === 'HTML') {\n return false;\n }\n if (getStyleComputedProperty(element, 'position') === 'fixed') {\n return true;\n }\n const parentNode = getParentNode(element);\n if (!parentNode) {\n return false;\n }\n return isFixed(parentNode);\n}\n","import getStyleComputedProperty from './getStyleComputedProperty';\nimport isIE from './isIE';\n/**\n * Finds the first parent of an element that has a transformed property defined\n * @method\n * @memberof Popper.Utils\n * @argument {Element} element\n * @returns {Element} first transformed parent or documentElement\n */\n\nexport default function getFixedPositionOffsetParent(element) {\n // This check is needed to avoid errors in case one of the elements isn't defined for any reason\n if (!element || !element.parentElement || isIE()) {\n return document.documentElement;\n }\n let el = element.parentElement;\n while (el && getStyleComputedProperty(el, 'transform') === 'none') {\n el = el.parentElement;\n }\n return el || document.documentElement;\n\n}\n","import getScrollParent from './getScrollParent';\nimport getParentNode from './getParentNode';\nimport getReferenceNode from './getReferenceNode';\nimport findCommonOffsetParent from './findCommonOffsetParent';\nimport getOffsetRectRelativeToArbitraryNode from './getOffsetRectRelativeToArbitraryNode';\nimport getViewportOffsetRectRelativeToArtbitraryNode from './getViewportOffsetRectRelativeToArtbitraryNode';\nimport getWindowSizes from './getWindowSizes';\nimport isFixed from './isFixed';\nimport getFixedPositionOffsetParent from './getFixedPositionOffsetParent';\n\n/**\n * Computed the boundaries limits and return them\n * @method\n * @memberof Popper.Utils\n * @param {HTMLElement} popper\n * @param {HTMLElement} reference\n * @param {number} padding\n * @param {HTMLElement} boundariesElement - Element used to define the boundaries\n * @param {Boolean} fixedPosition - Is in fixed position mode\n * @returns {Object} Coordinates of the boundaries\n */\nexport default function getBoundaries(\n popper,\n reference,\n padding,\n boundariesElement,\n fixedPosition = false\n) {\n // NOTE: 1 DOM access here\n\n let boundaries = { top: 0, left: 0 };\n const offsetParent = fixedPosition ? getFixedPositionOffsetParent(popper) : findCommonOffsetParent(popper, getReferenceNode(reference));\n\n // Handle viewport case\n if (boundariesElement === 'viewport' ) {\n boundaries = getViewportOffsetRectRelativeToArtbitraryNode(offsetParent, fixedPosition);\n }\n\n else {\n // Handle other cases based on DOM element used as boundaries\n let boundariesNode;\n if (boundariesElement === 'scrollParent') {\n boundariesNode = getScrollParent(getParentNode(reference));\n if (boundariesNode.nodeName === 'BODY') {\n boundariesNode = popper.ownerDocument.documentElement;\n }\n } else if (boundariesElement === 'window') {\n boundariesNode = popper.ownerDocument.documentElement;\n } else {\n boundariesNode = boundariesElement;\n }\n\n const offsets = getOffsetRectRelativeToArbitraryNode(\n boundariesNode,\n offsetParent,\n fixedPosition\n );\n\n // In case of HTML, we need a different computation\n if (boundariesNode.nodeName === 'HTML' && !isFixed(offsetParent)) {\n const { height, width } = getWindowSizes(popper.ownerDocument);\n boundaries.top += offsets.top - offsets.marginTop;\n boundaries.bottom = height + offsets.top;\n boundaries.left += offsets.left - offsets.marginLeft;\n boundaries.right = width + offsets.left;\n } else {\n // for all the other DOM elements, this one is good\n boundaries = offsets;\n }\n }\n\n // Add paddings\n padding = padding || 0;\n const isPaddingNumber = typeof padding === 'number';\n boundaries.left += isPaddingNumber ? padding : padding.left || 0; \n boundaries.top += isPaddingNumber ? padding : padding.top || 0; \n boundaries.right -= isPaddingNumber ? padding : padding.right || 0; \n boundaries.bottom -= isPaddingNumber ? padding : padding.bottom || 0; \n\n return boundaries;\n}\n","import getBoundaries from '../utils/getBoundaries';\n\nfunction getArea({ width, height }) {\n return width * height;\n}\n\n/**\n * Utility used to transform the `auto` placement to the placement with more\n * available space.\n * @method\n * @memberof Popper.Utils\n * @argument {Object} data - The data object generated by update method\n * @argument {Object} options - Modifiers configuration and options\n * @returns {Object} The data object, properly modified\n */\nexport default function computeAutoPlacement(\n placement,\n refRect,\n popper,\n reference,\n boundariesElement,\n padding = 0\n) {\n if (placement.indexOf('auto') === -1) {\n return placement;\n }\n\n const boundaries = getBoundaries(\n popper,\n reference,\n padding,\n boundariesElement\n );\n\n const rects = {\n top: {\n width: boundaries.width,\n height: refRect.top - boundaries.top,\n },\n right: {\n width: boundaries.right - refRect.right,\n height: boundaries.height,\n },\n bottom: {\n width: boundaries.width,\n height: boundaries.bottom - refRect.bottom,\n },\n left: {\n width: refRect.left - boundaries.left,\n height: boundaries.height,\n },\n };\n\n const sortedAreas = Object.keys(rects)\n .map(key => ({\n key,\n ...rects[key],\n area: getArea(rects[key]),\n }))\n .sort((a, b) => b.area - a.area);\n\n const filteredAreas = sortedAreas.filter(\n ({ width, height }) =>\n width >= popper.clientWidth && height >= popper.clientHeight\n );\n\n const computedPlacement = filteredAreas.length > 0\n ? filteredAreas[0].key\n : sortedAreas[0].key;\n\n const variation = placement.split('-')[1];\n\n return computedPlacement + (variation ? `-${variation}` : '');\n}\n","import findCommonOffsetParent from './findCommonOffsetParent';\nimport getOffsetRectRelativeToArbitraryNode from './getOffsetRectRelativeToArbitraryNode';\nimport getFixedPositionOffsetParent from './getFixedPositionOffsetParent';\nimport getReferenceNode from './getReferenceNode';\n\n/**\n * Get offsets to the reference element\n * @method\n * @memberof Popper.Utils\n * @param {Object} state\n * @param {Element} popper - the popper element\n * @param {Element} reference - the reference element (the popper will be relative to this)\n * @param {Element} fixedPosition - is in fixed position mode\n * @returns {Object} An object containing the offsets which will be applied to the popper\n */\nexport default function getReferenceOffsets(state, popper, reference, fixedPosition = null) {\n const commonOffsetParent = fixedPosition ? getFixedPositionOffsetParent(popper) : findCommonOffsetParent(popper, getReferenceNode(reference));\n return getOffsetRectRelativeToArbitraryNode(reference, commonOffsetParent, fixedPosition);\n}\n","/**\n * Get the outer sizes of the given element (offset size + margins)\n * @method\n * @memberof Popper.Utils\n * @argument {Element} element\n * @returns {Object} object containing width and height properties\n */\nexport default function getOuterSizes(element) {\n const window = element.ownerDocument.defaultView;\n const styles = window.getComputedStyle(element);\n const x = parseFloat(styles.marginTop || 0) + parseFloat(styles.marginBottom || 0);\n const y = parseFloat(styles.marginLeft || 0) + parseFloat(styles.marginRight || 0);\n const result = {\n width: element.offsetWidth + y,\n height: element.offsetHeight + x,\n };\n return result;\n}\n","/**\n * Get the opposite placement of the given one\n * @method\n * @memberof Popper.Utils\n * @argument {String} placement\n * @returns {String} flipped placement\n */\nexport default function getOppositePlacement(placement) {\n const hash = { left: 'right', right: 'left', bottom: 'top', top: 'bottom' };\n return placement.replace(/left|right|bottom|top/g, matched => hash[matched]);\n}\n","import getOuterSizes from './getOuterSizes';\nimport getOppositePlacement from './getOppositePlacement';\n\n/**\n * Get offsets to the popper\n * @method\n * @memberof Popper.Utils\n * @param {Object} position - CSS position the Popper will get applied\n * @param {HTMLElement} popper - the popper element\n * @param {Object} referenceOffsets - the reference offsets (the popper will be relative to this)\n * @param {String} placement - one of the valid placement options\n * @returns {Object} popperOffsets - An object containing the offsets which will be applied to the popper\n */\nexport default function getPopperOffsets(popper, referenceOffsets, placement) {\n placement = placement.split('-')[0];\n\n // Get popper node sizes\n const popperRect = getOuterSizes(popper);\n\n // Add position, width and height to our offsets object\n const popperOffsets = {\n width: popperRect.width,\n height: popperRect.height,\n };\n\n // depending by the popper placement we have to compute its offsets slightly differently\n const isHoriz = ['right', 'left'].indexOf(placement) !== -1;\n const mainSide = isHoriz ? 'top' : 'left';\n const secondarySide = isHoriz ? 'left' : 'top';\n const measurement = isHoriz ? 'height' : 'width';\n const secondaryMeasurement = !isHoriz ? 'height' : 'width';\n\n popperOffsets[mainSide] =\n referenceOffsets[mainSide] +\n referenceOffsets[measurement] / 2 -\n popperRect[measurement] / 2;\n if (placement === secondarySide) {\n popperOffsets[secondarySide] =\n referenceOffsets[secondarySide] - popperRect[secondaryMeasurement];\n } else {\n popperOffsets[secondarySide] =\n referenceOffsets[getOppositePlacement(secondarySide)];\n }\n\n return popperOffsets;\n}\n","/**\n * Mimics the `find` method of Array\n * @method\n * @memberof Popper.Utils\n * @argument {Array} arr\n * @argument prop\n * @argument value\n * @returns index or -1\n */\nexport default function find(arr, check) {\n // use native find if supported\n if (Array.prototype.find) {\n return arr.find(check);\n }\n\n // use `filter` to obtain the same behavior of `find`\n return arr.filter(check)[0];\n}\n","import find from './find';\n\n/**\n * Return the index of the matching object\n * @method\n * @memberof Popper.Utils\n * @argument {Array} arr\n * @argument prop\n * @argument value\n * @returns index or -1\n */\nexport default function findIndex(arr, prop, value) {\n // use native findIndex if supported\n if (Array.prototype.findIndex) {\n return arr.findIndex(cur => cur[prop] === value);\n }\n\n // use `find` + `indexOf` if `findIndex` isn't supported\n const match = find(arr, obj => obj[prop] === value);\n return arr.indexOf(match);\n}\n","import isFunction from './isFunction';\nimport findIndex from './findIndex';\nimport getClientRect from '../utils/getClientRect';\n\n/**\n * Loop trough the list of modifiers and run them in order,\n * each of them will then edit the data object.\n * @method\n * @memberof Popper.Utils\n * @param {dataObject} data\n * @param {Array} modifiers\n * @param {String} ends - Optional modifier name used as stopper\n * @returns {dataObject}\n */\nexport default function runModifiers(modifiers, data, ends) {\n const modifiersToRun = ends === undefined\n ? modifiers\n : modifiers.slice(0, findIndex(modifiers, 'name', ends));\n\n modifiersToRun.forEach(modifier => {\n if (modifier['function']) { // eslint-disable-line dot-notation\n console.warn('`modifier.function` is deprecated, use `modifier.fn`!');\n }\n const fn = modifier['function'] || modifier.fn; // eslint-disable-line dot-notation\n if (modifier.enabled && isFunction(fn)) {\n // Add properties to offsets to make them a complete clientRect object\n // we do this before each modifier to make sure the previous one doesn't\n // mess with these values\n data.offsets.popper = getClientRect(data.offsets.popper);\n data.offsets.reference = getClientRect(data.offsets.reference);\n\n data = fn(data, modifier);\n }\n });\n\n return data;\n}\n","import computeAutoPlacement from '../utils/computeAutoPlacement';\nimport getReferenceOffsets from '../utils/getReferenceOffsets';\nimport getPopperOffsets from '../utils/getPopperOffsets';\nimport runModifiers from '../utils/runModifiers';\n\n/**\n * Updates the position of the popper, computing the new offsets and applying\n * the new style.
      \n * Prefer `scheduleUpdate` over `update` because of performance reasons.\n * @method\n * @memberof Popper\n */\nexport default function update() {\n // if popper is destroyed, don't perform any further update\n if (this.state.isDestroyed) {\n return;\n }\n\n let data = {\n instance: this,\n styles: {},\n arrowStyles: {},\n attributes: {},\n flipped: false,\n offsets: {},\n };\n\n // compute reference element offsets\n data.offsets.reference = getReferenceOffsets(\n this.state,\n this.popper,\n this.reference,\n this.options.positionFixed\n );\n\n // compute auto placement, store placement inside the data object,\n // modifiers will be able to edit `placement` if needed\n // and refer to originalPlacement to know the original value\n data.placement = computeAutoPlacement(\n this.options.placement,\n data.offsets.reference,\n this.popper,\n this.reference,\n this.options.modifiers.flip.boundariesElement,\n this.options.modifiers.flip.padding\n );\n\n // store the computed placement inside `originalPlacement`\n data.originalPlacement = data.placement;\n\n data.positionFixed = this.options.positionFixed;\n\n // compute the popper offsets\n data.offsets.popper = getPopperOffsets(\n this.popper,\n data.offsets.reference,\n data.placement\n );\n\n data.offsets.popper.position = this.options.positionFixed\n ? 'fixed'\n : 'absolute';\n\n // run the modifiers\n data = runModifiers(this.modifiers, data);\n\n // the first `update` will call `onCreate` callback\n // the other ones will call `onUpdate` callback\n if (!this.state.isCreated) {\n this.state.isCreated = true;\n this.options.onCreate(data);\n } else {\n this.options.onUpdate(data);\n }\n}\n","/**\n * Helper used to know if the given modifier is enabled.\n * @method\n * @memberof Popper.Utils\n * @returns {Boolean}\n */\nexport default function isModifierEnabled(modifiers, modifierName) {\n return modifiers.some(\n ({ name, enabled }) => enabled && name === modifierName\n );\n}\n","/**\n * Get the prefixed supported property name\n * @method\n * @memberof Popper.Utils\n * @argument {String} property (camelCase)\n * @returns {String} prefixed property (camelCase or PascalCase, depending on the vendor prefix)\n */\nexport default function getSupportedPropertyName(property) {\n const prefixes = [false, 'ms', 'Webkit', 'Moz', 'O'];\n const upperProp = property.charAt(0).toUpperCase() + property.slice(1);\n\n for (let i = 0; i < prefixes.length; i++) {\n const prefix = prefixes[i];\n const toCheck = prefix ? `${prefix}${upperProp}` : property;\n if (typeof document.body.style[toCheck] !== 'undefined') {\n return toCheck;\n }\n }\n return null;\n}\n","import isModifierEnabled from '../utils/isModifierEnabled';\nimport getSupportedPropertyName from '../utils/getSupportedPropertyName';\n\n/**\n * Destroys the popper.\n * @method\n * @memberof Popper\n */\nexport default function destroy() {\n this.state.isDestroyed = true;\n\n // touch DOM only if `applyStyle` modifier is enabled\n if (isModifierEnabled(this.modifiers, 'applyStyle')) {\n this.popper.removeAttribute('x-placement');\n this.popper.style.position = '';\n this.popper.style.top = '';\n this.popper.style.left = '';\n this.popper.style.right = '';\n this.popper.style.bottom = '';\n this.popper.style.willChange = '';\n this.popper.style[getSupportedPropertyName('transform')] = '';\n }\n\n this.disableEventListeners();\n\n // remove the popper if user explicitly asked for the deletion on destroy\n // do not use `remove` because IE11 doesn't support it\n if (this.options.removeOnDestroy) {\n this.popper.parentNode.removeChild(this.popper);\n }\n return this;\n}\n","/**\n * Get the window associated with the element\n * @argument {Element} element\n * @returns {Window}\n */\nexport default function getWindow(element) {\n const ownerDocument = element.ownerDocument;\n return ownerDocument ? ownerDocument.defaultView : window;\n}\n","import getScrollParent from './getScrollParent';\nimport getWindow from './getWindow';\n\nfunction attachToScrollParents(scrollParent, event, callback, scrollParents) {\n const isBody = scrollParent.nodeName === 'BODY';\n const target = isBody ? scrollParent.ownerDocument.defaultView : scrollParent;\n target.addEventListener(event, callback, { passive: true });\n\n if (!isBody) {\n attachToScrollParents(\n getScrollParent(target.parentNode),\n event,\n callback,\n scrollParents\n );\n }\n scrollParents.push(target);\n}\n\n/**\n * Setup needed event listeners used to update the popper position\n * @method\n * @memberof Popper.Utils\n * @private\n */\nexport default function setupEventListeners(\n reference,\n options,\n state,\n updateBound\n) {\n // Resize event listener on window\n state.updateBound = updateBound;\n getWindow(reference).addEventListener('resize', state.updateBound, { passive: true });\n\n // Scroll event listener on scroll parents\n const scrollElement = getScrollParent(reference);\n attachToScrollParents(\n scrollElement,\n 'scroll',\n state.updateBound,\n state.scrollParents\n );\n state.scrollElement = scrollElement;\n state.eventsEnabled = true;\n\n return state;\n}\n","import setupEventListeners from '../utils/setupEventListeners';\n\n/**\n * It will add resize/scroll events and start recalculating\n * position of the popper element when they are triggered.\n * @method\n * @memberof Popper\n */\nexport default function enableEventListeners() {\n if (!this.state.eventsEnabled) {\n this.state = setupEventListeners(\n this.reference,\n this.options,\n this.state,\n this.scheduleUpdate\n );\n }\n}\n","import getWindow from './getWindow';\n\n/**\n * Remove event listeners used to update the popper position\n * @method\n * @memberof Popper.Utils\n * @private\n */\nexport default function removeEventListeners(reference, state) {\n // Remove resize event listener on window\n getWindow(reference).removeEventListener('resize', state.updateBound);\n\n // Remove scroll event listener on scroll parents\n state.scrollParents.forEach(target => {\n target.removeEventListener('scroll', state.updateBound);\n });\n\n // Reset state\n state.updateBound = null;\n state.scrollParents = [];\n state.scrollElement = null;\n state.eventsEnabled = false;\n return state;\n}\n","import removeEventListeners from '../utils/removeEventListeners';\n\n/**\n * It will remove resize/scroll events and won't recalculate popper position\n * when they are triggered. It also won't trigger `onUpdate` callback anymore,\n * unless you call `update` method manually.\n * @method\n * @memberof Popper\n */\nexport default function disableEventListeners() {\n if (this.state.eventsEnabled) {\n cancelAnimationFrame(this.scheduleUpdate);\n this.state = removeEventListeners(this.reference, this.state);\n }\n}\n","/**\n * Tells if a given input is a number\n * @method\n * @memberof Popper.Utils\n * @param {*} input to check\n * @return {Boolean}\n */\nexport default function isNumeric(n) {\n return n !== '' && !isNaN(parseFloat(n)) && isFinite(n);\n}\n","import isNumeric from './isNumeric';\n\n/**\n * Set the style to the given popper\n * @method\n * @memberof Popper.Utils\n * @argument {Element} element - Element to apply the style to\n * @argument {Object} styles\n * Object with a list of properties and values which will be applied to the element\n */\nexport default function setStyles(element, styles) {\n Object.keys(styles).forEach(prop => {\n let unit = '';\n // add unit if the value is numeric and is one of the following\n if (\n ['width', 'height', 'top', 'right', 'bottom', 'left'].indexOf(prop) !==\n -1 &&\n isNumeric(styles[prop])\n ) {\n unit = 'px';\n }\n element.style[prop] = styles[prop] + unit;\n });\n}\n","/**\n * Set the attributes to the given popper\n * @method\n * @memberof Popper.Utils\n * @argument {Element} element - Element to apply the attributes to\n * @argument {Object} styles\n * Object with a list of properties and values which will be applied to the element\n */\nexport default function setAttributes(element, attributes) {\n Object.keys(attributes).forEach(function(prop) {\n const value = attributes[prop];\n if (value !== false) {\n element.setAttribute(prop, attributes[prop]);\n } else {\n element.removeAttribute(prop);\n }\n });\n}\n","/**\n * @function\n * @memberof Popper.Utils\n * @argument {Object} data - The data object generated by `update` method\n * @argument {Boolean} shouldRound - If the offsets should be rounded at all\n * @returns {Object} The popper's position offsets rounded\n *\n * The tale of pixel-perfect positioning. It's still not 100% perfect, but as\n * good as it can be within reason.\n * Discussion here: https://github.com/FezVrasta/popper.js/pull/715\n *\n * Low DPI screens cause a popper to be blurry if not using full pixels (Safari\n * as well on High DPI screens).\n *\n * Firefox prefers no rounding for positioning and does not have blurriness on\n * high DPI screens.\n *\n * Only horizontal placement and left/right values need to be considered.\n */\nexport default function getRoundedOffsets(data, shouldRound) {\n const { popper, reference } = data.offsets;\n const { round, floor } = Math;\n const noRound = v => v;\n \n const referenceWidth = round(reference.width);\n const popperWidth = round(popper.width);\n \n const isVertical = ['left', 'right'].indexOf(data.placement) !== -1;\n const isVariation = data.placement.indexOf('-') !== -1;\n const sameWidthParity = referenceWidth % 2 === popperWidth % 2;\n const bothOddWidth = referenceWidth % 2 === 1 && popperWidth % 2 === 1;\n\n const horizontalToInteger = !shouldRound\n ? noRound\n : isVertical || isVariation || sameWidthParity\n ? round\n : floor;\n const verticalToInteger = !shouldRound ? noRound : round;\n\n return {\n left: horizontalToInteger(\n bothOddWidth && !isVariation && shouldRound\n ? popper.left - 1\n : popper.left\n ),\n top: verticalToInteger(popper.top),\n bottom: verticalToInteger(popper.bottom),\n right: horizontalToInteger(popper.right),\n };\n}\n","import find from './find';\n\n/**\n * Helper used to know if the given modifier depends from another one.
      \n * It checks if the needed modifier is listed and enabled.\n * @method\n * @memberof Popper.Utils\n * @param {Array} modifiers - list of modifiers\n * @param {String} requestingName - name of requesting modifier\n * @param {String} requestedName - name of requested modifier\n * @returns {Boolean}\n */\nexport default function isModifierRequired(\n modifiers,\n requestingName,\n requestedName\n) {\n const requesting = find(modifiers, ({ name }) => name === requestingName);\n\n const isRequired =\n !!requesting &&\n modifiers.some(modifier => {\n return (\n modifier.name === requestedName &&\n modifier.enabled &&\n modifier.order < requesting.order\n );\n });\n\n if (!isRequired) {\n const requesting = `\\`${requestingName}\\``;\n const requested = `\\`${requestedName}\\``;\n console.warn(\n `${requested} modifier is required by ${requesting} modifier in order to work, be sure to include it before ${requesting}!`\n );\n }\n return isRequired;\n}\n","/**\n * Get the opposite placement variation of the given one\n * @method\n * @memberof Popper.Utils\n * @argument {String} placement variation\n * @returns {String} flipped placement variation\n */\nexport default function getOppositeVariation(variation) {\n if (variation === 'end') {\n return 'start';\n } else if (variation === 'start') {\n return 'end';\n }\n return variation;\n}\n","import placements from '../methods/placements';\n\n// Get rid of `auto` `auto-start` and `auto-end`\nconst validPlacements = placements.slice(3);\n\n/**\n * Given an initial placement, returns all the subsequent placements\n * clockwise (or counter-clockwise).\n *\n * @method\n * @memberof Popper.Utils\n * @argument {String} placement - A valid placement (it accepts variations)\n * @argument {Boolean} counter - Set to true to walk the placements counterclockwise\n * @returns {Array} placements including their variations\n */\nexport default function clockwise(placement, counter = false) {\n const index = validPlacements.indexOf(placement);\n const arr = validPlacements\n .slice(index + 1)\n .concat(validPlacements.slice(0, index));\n return counter ? arr.reverse() : arr;\n}\n","import isNumeric from '../utils/isNumeric';\nimport getClientRect from '../utils/getClientRect';\nimport find from '../utils/find';\n\n/**\n * Converts a string containing value + unit into a px value number\n * @function\n * @memberof {modifiers~offset}\n * @private\n * @argument {String} str - Value + unit string\n * @argument {String} measurement - `height` or `width`\n * @argument {Object} popperOffsets\n * @argument {Object} referenceOffsets\n * @returns {Number|String}\n * Value in pixels, or original string if no values were extracted\n */\nexport function toValue(str, measurement, popperOffsets, referenceOffsets) {\n // separate value from unit\n const split = str.match(/((?:\\-|\\+)?\\d*\\.?\\d*)(.*)/);\n const value = +split[1];\n const unit = split[2];\n\n // If it's not a number it's an operator, I guess\n if (!value) {\n return str;\n }\n\n if (unit.indexOf('%') === 0) {\n let element;\n switch (unit) {\n case '%p':\n element = popperOffsets;\n break;\n case '%':\n case '%r':\n default:\n element = referenceOffsets;\n }\n\n const rect = getClientRect(element);\n return rect[measurement] / 100 * value;\n } else if (unit === 'vh' || unit === 'vw') {\n // if is a vh or vw, we calculate the size based on the viewport\n let size;\n if (unit === 'vh') {\n size = Math.max(\n document.documentElement.clientHeight,\n window.innerHeight || 0\n );\n } else {\n size = Math.max(\n document.documentElement.clientWidth,\n window.innerWidth || 0\n );\n }\n return size / 100 * value;\n } else {\n // if is an explicit pixel unit, we get rid of the unit and keep the value\n // if is an implicit unit, it's px, and we return just the value\n return value;\n }\n}\n\n/**\n * Parse an `offset` string to extrapolate `x` and `y` numeric offsets.\n * @function\n * @memberof {modifiers~offset}\n * @private\n * @argument {String} offset\n * @argument {Object} popperOffsets\n * @argument {Object} referenceOffsets\n * @argument {String} basePlacement\n * @returns {Array} a two cells array with x and y offsets in numbers\n */\nexport function parseOffset(\n offset,\n popperOffsets,\n referenceOffsets,\n basePlacement\n) {\n const offsets = [0, 0];\n\n // Use height if placement is left or right and index is 0 otherwise use width\n // in this way the first offset will use an axis and the second one\n // will use the other one\n const useHeight = ['right', 'left'].indexOf(basePlacement) !== -1;\n\n // Split the offset string to obtain a list of values and operands\n // The regex addresses values with the plus or minus sign in front (+10, -20, etc)\n const fragments = offset.split(/(\\+|\\-)/).map(frag => frag.trim());\n\n // Detect if the offset string contains a pair of values or a single one\n // they could be separated by comma or space\n const divider = fragments.indexOf(\n find(fragments, frag => frag.search(/,|\\s/) !== -1)\n );\n\n if (fragments[divider] && fragments[divider].indexOf(',') === -1) {\n console.warn(\n 'Offsets separated by white space(s) are deprecated, use a comma (,) instead.'\n );\n }\n\n // If divider is found, we divide the list of values and operands to divide\n // them by ofset X and Y.\n const splitRegex = /\\s*,\\s*|\\s+/;\n let ops = divider !== -1\n ? [\n fragments\n .slice(0, divider)\n .concat([fragments[divider].split(splitRegex)[0]]),\n [fragments[divider].split(splitRegex)[1]].concat(\n fragments.slice(divider + 1)\n ),\n ]\n : [fragments];\n\n // Convert the values with units to absolute pixels to allow our computations\n ops = ops.map((op, index) => {\n // Most of the units rely on the orientation of the popper\n const measurement = (index === 1 ? !useHeight : useHeight)\n ? 'height'\n : 'width';\n let mergeWithPrevious = false;\n return (\n op\n // This aggregates any `+` or `-` sign that aren't considered operators\n // e.g.: 10 + +5 => [10, +, +5]\n .reduce((a, b) => {\n if (a[a.length - 1] === '' && ['+', '-'].indexOf(b) !== -1) {\n a[a.length - 1] = b;\n mergeWithPrevious = true;\n return a;\n } else if (mergeWithPrevious) {\n a[a.length - 1] += b;\n mergeWithPrevious = false;\n return a;\n } else {\n return a.concat(b);\n }\n }, [])\n // Here we convert the string values into number values (in px)\n .map(str => toValue(str, measurement, popperOffsets, referenceOffsets))\n );\n });\n\n // Loop trough the offsets arrays and execute the operations\n ops.forEach((op, index) => {\n op.forEach((frag, index2) => {\n if (isNumeric(frag)) {\n offsets[index] += frag * (op[index2 - 1] === '-' ? -1 : 1);\n }\n });\n });\n return offsets;\n}\n\n/**\n * @function\n * @memberof Modifiers\n * @argument {Object} data - The data object generated by update method\n * @argument {Object} options - Modifiers configuration and options\n * @argument {Number|String} options.offset=0\n * The offset value as described in the modifier description\n * @returns {Object} The data object, properly modified\n */\nexport default function offset(data, { offset }) {\n const { placement, offsets: { popper, reference } } = data;\n const basePlacement = placement.split('-')[0];\n\n let offsets;\n if (isNumeric(+offset)) {\n offsets = [+offset, 0];\n } else {\n offsets = parseOffset(offset, popper, reference, basePlacement);\n }\n\n if (basePlacement === 'left') {\n popper.top += offsets[0];\n popper.left -= offsets[1];\n } else if (basePlacement === 'right') {\n popper.top += offsets[0];\n popper.left += offsets[1];\n } else if (basePlacement === 'top') {\n popper.left += offsets[0];\n popper.top -= offsets[1];\n } else if (basePlacement === 'bottom') {\n popper.left += offsets[0];\n popper.top += offsets[1];\n }\n\n data.popper = popper;\n return data;\n}\n","import getClientRect from '../utils/getClientRect';\nimport getOuterSizes from '../utils/getOuterSizes';\nimport isModifierRequired from '../utils/isModifierRequired';\nimport getStyleComputedProperty from '../utils/getStyleComputedProperty';\n\n/**\n * @function\n * @memberof Modifiers\n * @argument {Object} data - The data object generated by update method\n * @argument {Object} options - Modifiers configuration and options\n * @returns {Object} The data object, properly modified\n */\nexport default function arrow(data, options) {\n // arrow depends on keepTogether in order to work\n if (!isModifierRequired(data.instance.modifiers, 'arrow', 'keepTogether')) {\n return data;\n }\n\n let arrowElement = options.element;\n\n // if arrowElement is a string, suppose it's a CSS selector\n if (typeof arrowElement === 'string') {\n arrowElement = data.instance.popper.querySelector(arrowElement);\n\n // if arrowElement is not found, don't run the modifier\n if (!arrowElement) {\n return data;\n }\n } else {\n // if the arrowElement isn't a query selector we must check that the\n // provided DOM node is child of its popper node\n if (!data.instance.popper.contains(arrowElement)) {\n console.warn(\n 'WARNING: `arrow.element` must be child of its popper element!'\n );\n return data;\n }\n }\n\n const placement = data.placement.split('-')[0];\n const { popper, reference } = data.offsets;\n const isVertical = ['left', 'right'].indexOf(placement) !== -1;\n\n const len = isVertical ? 'height' : 'width';\n const sideCapitalized = isVertical ? 'Top' : 'Left';\n const side = sideCapitalized.toLowerCase();\n const altSide = isVertical ? 'left' : 'top';\n const opSide = isVertical ? 'bottom' : 'right';\n const arrowElementSize = getOuterSizes(arrowElement)[len];\n\n //\n // extends keepTogether behavior making sure the popper and its\n // reference have enough pixels in conjunction\n //\n\n // top/left side\n if (reference[opSide] - arrowElementSize < popper[side]) {\n data.offsets.popper[side] -=\n popper[side] - (reference[opSide] - arrowElementSize);\n }\n // bottom/right side\n if (reference[side] + arrowElementSize > popper[opSide]) {\n data.offsets.popper[side] +=\n reference[side] + arrowElementSize - popper[opSide];\n }\n data.offsets.popper = getClientRect(data.offsets.popper);\n\n // compute center of the popper\n const center = reference[side] + reference[len] / 2 - arrowElementSize / 2;\n\n // Compute the sideValue using the updated popper offsets\n // take popper margin in account because we don't have this info available\n const css = getStyleComputedProperty(data.instance.popper);\n const popperMarginSide = parseFloat(css[`margin${sideCapitalized}`]);\n const popperBorderSide = parseFloat(css[`border${sideCapitalized}Width`]);\n let sideValue =\n center - data.offsets.popper[side] - popperMarginSide - popperBorderSide;\n\n // prevent arrowElement from being placed not contiguously to its popper\n sideValue = Math.max(Math.min(popper[len] - arrowElementSize, sideValue), 0);\n\n data.arrowElement = arrowElement;\n data.offsets.arrow = {\n [side]: Math.round(sideValue),\n [altSide]: '', // make sure to unset any eventual altSide value from the DOM node\n };\n\n return data;\n}\n","export default typeof window !== 'undefined' && typeof document !== 'undefined' && typeof navigator !== 'undefined';\n","import isBrowser from './isBrowser';\n\nconst timeoutDuration = (function(){\n const longerTimeoutBrowsers = ['Edge', 'Trident', 'Firefox'];\n for (let i = 0; i < longerTimeoutBrowsers.length; i += 1) {\n if (isBrowser && navigator.userAgent.indexOf(longerTimeoutBrowsers[i]) >= 0) {\n return 1;\n }\n }\n return 0;\n}());\n\nexport function microtaskDebounce(fn) {\n let called = false\n return () => {\n if (called) {\n return\n }\n called = true\n window.Promise.resolve().then(() => {\n called = false\n fn()\n })\n }\n}\n\nexport function taskDebounce(fn) {\n let scheduled = false;\n return () => {\n if (!scheduled) {\n scheduled = true;\n setTimeout(() => {\n scheduled = false;\n fn();\n }, timeoutDuration);\n }\n };\n}\n\nconst supportsMicroTasks = isBrowser && window.Promise\n\n\n/**\n* Create a debounced version of a method, that's asynchronously deferred\n* but called in the minimum time possible.\n*\n* @method\n* @memberof Popper.Utils\n* @argument {Function} fn\n* @returns {Function}\n*/\nexport default (supportsMicroTasks\n ? microtaskDebounce\n : taskDebounce);\n","import getSupportedPropertyName from '../utils/getSupportedPropertyName';\nimport find from '../utils/find';\nimport getOffsetParent from '../utils/getOffsetParent';\nimport getBoundingClientRect from '../utils/getBoundingClientRect';\nimport getRoundedOffsets from '../utils/getRoundedOffsets';\nimport isBrowser from '../utils/isBrowser';\n\nconst isFirefox = isBrowser && /Firefox/i.test(navigator.userAgent);\n\n/**\n * @function\n * @memberof Modifiers\n * @argument {Object} data - The data object generated by `update` method\n * @argument {Object} options - Modifiers configuration and options\n * @returns {Object} The data object, properly modified\n */\nexport default function computeStyle(data, options) {\n const { x, y } = options;\n const { popper } = data.offsets;\n\n // Remove this legacy support in Popper.js v2\n const legacyGpuAccelerationOption = find(\n data.instance.modifiers,\n modifier => modifier.name === 'applyStyle'\n ).gpuAcceleration;\n if (legacyGpuAccelerationOption !== undefined) {\n console.warn(\n 'WARNING: `gpuAcceleration` option moved to `computeStyle` modifier and will not be supported in future versions of Popper.js!'\n );\n }\n const gpuAcceleration =\n legacyGpuAccelerationOption !== undefined\n ? legacyGpuAccelerationOption\n : options.gpuAcceleration;\n\n const offsetParent = getOffsetParent(data.instance.popper);\n const offsetParentRect = getBoundingClientRect(offsetParent);\n\n // Styles\n const styles = {\n position: popper.position,\n };\n\n const offsets = getRoundedOffsets(\n data,\n window.devicePixelRatio < 2 || !isFirefox\n );\n\n const sideA = x === 'bottom' ? 'top' : 'bottom';\n const sideB = y === 'right' ? 'left' : 'right';\n\n // if gpuAcceleration is set to `true` and transform is supported,\n // we use `translate3d` to apply the position to the popper we\n // automatically use the supported prefixed version if needed\n const prefixedProperty = getSupportedPropertyName('transform');\n\n // now, let's make a step back and look at this code closely (wtf?)\n // If the content of the popper grows once it's been positioned, it\n // may happen that the popper gets misplaced because of the new content\n // overflowing its reference element\n // To avoid this problem, we provide two options (x and y), which allow\n // the consumer to define the offset origin.\n // If we position a popper on top of a reference element, we can set\n // `x` to `top` to make the popper grow towards its top instead of\n // its bottom.\n let left, top;\n if (sideA === 'bottom') {\n // when offsetParent is the positioning is relative to the bottom of the screen (excluding the scrollbar)\n // and not the bottom of the html element\n if (offsetParent.nodeName === 'HTML') {\n top = -offsetParent.clientHeight + offsets.bottom;\n } else {\n top = -offsetParentRect.height + offsets.bottom;\n }\n } else {\n top = offsets.top;\n }\n if (sideB === 'right') {\n if (offsetParent.nodeName === 'HTML') {\n left = -offsetParent.clientWidth + offsets.right;\n } else {\n left = -offsetParentRect.width + offsets.right;\n }\n } else {\n left = offsets.left;\n }\n if (gpuAcceleration && prefixedProperty) {\n styles[prefixedProperty] = `translate3d(${left}px, ${top}px, 0)`;\n styles[sideA] = 0;\n styles[sideB] = 0;\n styles.willChange = 'transform';\n } else {\n // othwerise, we use the standard `top`, `left`, `bottom` and `right` properties\n const invertTop = sideA === 'bottom' ? -1 : 1;\n const invertLeft = sideB === 'right' ? -1 : 1;\n styles[sideA] = top * invertTop;\n styles[sideB] = left * invertLeft;\n styles.willChange = `${sideA}, ${sideB}`;\n }\n\n // Attributes\n const attributes = {\n 'x-placement': data.placement,\n };\n\n // Update `data` attributes, styles and arrowStyles\n data.attributes = { ...attributes, ...data.attributes };\n data.styles = { ...styles, ...data.styles };\n data.arrowStyles = { ...data.offsets.arrow, ...data.arrowStyles };\n\n return data;\n}\n","import getOppositePlacement from '../utils/getOppositePlacement';\nimport getOppositeVariation from '../utils/getOppositeVariation';\nimport getPopperOffsets from '../utils/getPopperOffsets';\nimport runModifiers from '../utils/runModifiers';\nimport getBoundaries from '../utils/getBoundaries';\nimport isModifierEnabled from '../utils/isModifierEnabled';\nimport clockwise from '../utils/clockwise';\n\nconst BEHAVIORS = {\n FLIP: 'flip',\n CLOCKWISE: 'clockwise',\n COUNTERCLOCKWISE: 'counterclockwise',\n};\n\n/**\n * @function\n * @memberof Modifiers\n * @argument {Object} data - The data object generated by update method\n * @argument {Object} options - Modifiers configuration and options\n * @returns {Object} The data object, properly modified\n */\nexport default function flip(data, options) {\n // if `inner` modifier is enabled, we can't use the `flip` modifier\n if (isModifierEnabled(data.instance.modifiers, 'inner')) {\n return data;\n }\n\n if (data.flipped && data.placement === data.originalPlacement) {\n // seems like flip is trying to loop, probably there's not enough space on any of the flippable sides\n return data;\n }\n\n const boundaries = getBoundaries(\n data.instance.popper,\n data.instance.reference,\n options.padding,\n options.boundariesElement,\n data.positionFixed\n );\n\n let placement = data.placement.split('-')[0];\n let placementOpposite = getOppositePlacement(placement);\n let variation = data.placement.split('-')[1] || '';\n\n let flipOrder = [];\n\n switch (options.behavior) {\n case BEHAVIORS.FLIP:\n flipOrder = [placement, placementOpposite];\n break;\n case BEHAVIORS.CLOCKWISE:\n flipOrder = clockwise(placement);\n break;\n case BEHAVIORS.COUNTERCLOCKWISE:\n flipOrder = clockwise(placement, true);\n break;\n default:\n flipOrder = options.behavior;\n }\n\n flipOrder.forEach((step, index) => {\n if (placement !== step || flipOrder.length === index + 1) {\n return data;\n }\n\n placement = data.placement.split('-')[0];\n placementOpposite = getOppositePlacement(placement);\n\n const popperOffsets = data.offsets.popper;\n const refOffsets = data.offsets.reference;\n\n // using floor because the reference offsets may contain decimals we are not going to consider here\n const floor = Math.floor;\n const overlapsRef =\n (placement === 'left' &&\n floor(popperOffsets.right) > floor(refOffsets.left)) ||\n (placement === 'right' &&\n floor(popperOffsets.left) < floor(refOffsets.right)) ||\n (placement === 'top' &&\n floor(popperOffsets.bottom) > floor(refOffsets.top)) ||\n (placement === 'bottom' &&\n floor(popperOffsets.top) < floor(refOffsets.bottom));\n\n const overflowsLeft = floor(popperOffsets.left) < floor(boundaries.left);\n const overflowsRight = floor(popperOffsets.right) > floor(boundaries.right);\n const overflowsTop = floor(popperOffsets.top) < floor(boundaries.top);\n const overflowsBottom =\n floor(popperOffsets.bottom) > floor(boundaries.bottom);\n\n const overflowsBoundaries =\n (placement === 'left' && overflowsLeft) ||\n (placement === 'right' && overflowsRight) ||\n (placement === 'top' && overflowsTop) ||\n (placement === 'bottom' && overflowsBottom);\n\n // flip the variation if required\n const isVertical = ['top', 'bottom'].indexOf(placement) !== -1;\n\n // flips variation if reference element overflows boundaries\n const flippedVariationByRef =\n !!options.flipVariations &&\n ((isVertical && variation === 'start' && overflowsLeft) ||\n (isVertical && variation === 'end' && overflowsRight) ||\n (!isVertical && variation === 'start' && overflowsTop) ||\n (!isVertical && variation === 'end' && overflowsBottom));\n\n // flips variation if popper content overflows boundaries\n const flippedVariationByContent =\n !!options.flipVariationsByContent &&\n ((isVertical && variation === 'start' && overflowsRight) ||\n (isVertical && variation === 'end' && overflowsLeft) ||\n (!isVertical && variation === 'start' && overflowsBottom) ||\n (!isVertical && variation === 'end' && overflowsTop));\n\n const flippedVariation = flippedVariationByRef || flippedVariationByContent;\n\n if (overlapsRef || overflowsBoundaries || flippedVariation) {\n // this boolean to detect any flip loop\n data.flipped = true;\n\n if (overlapsRef || overflowsBoundaries) {\n placement = flipOrder[index + 1];\n }\n\n if (flippedVariation) {\n variation = getOppositeVariation(variation);\n }\n\n data.placement = placement + (variation ? '-' + variation : '');\n\n // this object contains `position`, we want to preserve it along with\n // any additional property we may add in the future\n data.offsets.popper = {\n ...data.offsets.popper,\n ...getPopperOffsets(\n data.instance.popper,\n data.offsets.reference,\n data.placement\n ),\n };\n\n data = runModifiers(data.instance.modifiers, data, 'flip');\n }\n });\n return data;\n}\n","// Utils\nimport debounce from './utils/debounce';\nimport isFunction from './utils/isFunction';\n\n// Methods\nimport update from './methods/update';\nimport destroy from './methods/destroy';\nimport enableEventListeners from './methods/enableEventListeners';\nimport disableEventListeners from './methods/disableEventListeners';\nimport Defaults from './methods/defaults';\nimport placements from './methods/placements';\n\nexport default class Popper {\n /**\n * Creates a new Popper.js instance.\n * @class Popper\n * @param {Element|referenceObject} reference - The reference element used to position the popper\n * @param {Element} popper - The HTML / XML element used as the popper\n * @param {Object} options - Your custom options to override the ones defined in [Defaults](#defaults)\n * @return {Object} instance - The generated Popper.js instance\n */\n constructor(reference, popper, options = {}) {\n // make update() debounced, so that it only runs at most once-per-tick\n this.update = debounce(this.update.bind(this));\n\n // with {} we create a new object with the options inside it\n this.options = { ...Popper.Defaults, ...options };\n\n // init state\n this.state = {\n isDestroyed: false,\n isCreated: false,\n scrollParents: [],\n };\n\n // get reference and popper elements (allow jQuery wrappers)\n this.reference = reference && reference.jquery ? reference[0] : reference;\n this.popper = popper && popper.jquery ? popper[0] : popper;\n\n // Deep merge modifiers options\n this.options.modifiers = {};\n Object.keys({\n ...Popper.Defaults.modifiers,\n ...options.modifiers,\n }).forEach(name => {\n this.options.modifiers[name] = {\n // If it's a built-in modifier, use it as base\n ...(Popper.Defaults.modifiers[name] || {}),\n // If there are custom options, override and merge with default ones\n ...(options.modifiers ? options.modifiers[name] : {}),\n };\n });\n\n // Refactoring modifiers' list (Object => Array)\n this.modifiers = Object.keys(this.options.modifiers)\n .map(name => ({\n name,\n ...this.options.modifiers[name],\n }))\n // sort the modifiers by order\n .sort((a, b) => a.order - b.order);\n\n // modifiers have the ability to execute arbitrary code when Popper.js get inited\n // such code is executed in the same order of its modifier\n // they could add new properties to their options configuration\n // BE AWARE: don't add options to `options.modifiers.name` but to `modifierOptions`!\n this.modifiers.forEach(modifierOptions => {\n if (modifierOptions.enabled && isFunction(modifierOptions.onLoad)) {\n modifierOptions.onLoad(\n this.reference,\n this.popper,\n this.options,\n modifierOptions,\n this.state\n );\n }\n });\n\n // fire the first update to position the popper in the right place\n this.update();\n\n const eventsEnabled = this.options.eventsEnabled;\n if (eventsEnabled) {\n // setup event listeners, they will take care of update the position in specific situations\n this.enableEventListeners();\n }\n\n this.state.eventsEnabled = eventsEnabled;\n }\n\n // We can't use class properties because they don't get listed in the\n // class prototype and break stuff like Sinon stubs\n update() {\n return update.call(this);\n }\n destroy() {\n return destroy.call(this);\n }\n enableEventListeners() {\n return enableEventListeners.call(this);\n }\n disableEventListeners() {\n return disableEventListeners.call(this);\n }\n\n /**\n * Schedules an update. It will run on the next UI update available.\n * @method scheduleUpdate\n * @memberof Popper\n */\n scheduleUpdate = () => requestAnimationFrame(this.update);\n\n /**\n * Collection of utilities useful when writing custom modifiers.\n * Starting from version 1.7, this method is available only if you\n * include `popper-utils.js` before `popper.js`.\n *\n * **DEPRECATION**: This way to access PopperUtils is deprecated\n * and will be removed in v2! Use the PopperUtils module directly instead.\n * Due to the high instability of the methods contained in Utils, we can't\n * guarantee them to follow semver. Use them at your own risk!\n * @static\n * @private\n * @type {Object}\n * @deprecated since version 1.8\n * @member Utils\n * @memberof Popper\n */\n static Utils = (typeof window !== 'undefined' ? window : global).PopperUtils;\n\n static placements = placements;\n\n static Defaults = Defaults;\n}\n\n/**\n * The `referenceObject` is an object that provides an interface compatible with Popper.js\n * and lets you use it as replacement of a real DOM node.
      \n * You can use this method to position a popper relatively to a set of coordinates\n * in case you don't have a DOM node to use as reference.\n *\n * ```\n * new Popper(referenceObject, popperNode);\n * ```\n *\n * NB: This feature isn't supported in Internet Explorer 10.\n * @name referenceObject\n * @property {Function} data.getBoundingClientRect\n * A function that returns a set of coordinates compatible with the native `getBoundingClientRect` method.\n * @property {number} data.clientWidth\n * An ES6 getter that will return the width of the virtual reference element.\n * @property {number} data.clientHeight\n * An ES6 getter that will return the height of the virtual reference element.\n */\n","import modifiers from '../modifiers/index';\n\n/**\n * Default options provided to Popper.js constructor.
      \n * These can be overridden using the `options` argument of Popper.js.
      \n * To override an option, simply pass an object with the same\n * structure of the `options` object, as the 3rd argument. For example:\n * ```\n * new Popper(ref, pop, {\n * modifiers: {\n * preventOverflow: { enabled: false }\n * }\n * })\n * ```\n * @type {Object}\n * @static\n * @memberof Popper\n */\nexport default {\n /**\n * Popper's placement.\n * @prop {Popper.placements} placement='bottom'\n */\n placement: 'bottom',\n\n /**\n * Set this to true if you want popper to position it self in 'fixed' mode\n * @prop {Boolean} positionFixed=false\n */\n positionFixed: false,\n\n /**\n * Whether events (resize, scroll) are initially enabled.\n * @prop {Boolean} eventsEnabled=true\n */\n eventsEnabled: true,\n\n /**\n * Set to true if you want to automatically remove the popper when\n * you call the `destroy` method.\n * @prop {Boolean} removeOnDestroy=false\n */\n removeOnDestroy: false,\n\n /**\n * Callback called when the popper is created.
      \n * By default, it is set to no-op.
      \n * Access Popper.js instance with `data.instance`.\n * @prop {onCreate}\n */\n onCreate: () => {},\n\n /**\n * Callback called when the popper is updated. This callback is not called\n * on the initialization/creation of the popper, but only on subsequent\n * updates.
      \n * By default, it is set to no-op.
      \n * Access Popper.js instance with `data.instance`.\n * @prop {onUpdate}\n */\n onUpdate: () => {},\n\n /**\n * List of modifiers used to modify the offsets before they are applied to the popper.\n * They provide most of the functionalities of Popper.js.\n * @prop {modifiers}\n */\n modifiers,\n};\n\n/**\n * @callback onCreate\n * @param {dataObject} data\n */\n\n/**\n * @callback onUpdate\n * @param {dataObject} data\n */\n","import applyStyle, { applyStyleOnLoad } from './applyStyle';\nimport computeStyle from './computeStyle';\nimport arrow from './arrow';\nimport flip from './flip';\nimport keepTogether from './keepTogether';\nimport offset from './offset';\nimport preventOverflow from './preventOverflow';\nimport shift from './shift';\nimport hide from './hide';\nimport inner from './inner';\n\n/**\n * Modifier function, each modifier can have a function of this type assigned\n * to its `fn` property.
      \n * These functions will be called on each update, this means that you must\n * make sure they are performant enough to avoid performance bottlenecks.\n *\n * @function ModifierFn\n * @argument {dataObject} data - The data object generated by `update` method\n * @argument {Object} options - Modifiers configuration and options\n * @returns {dataObject} The data object, properly modified\n */\n\n/**\n * Modifiers are plugins used to alter the behavior of your poppers.
      \n * Popper.js uses a set of 9 modifiers to provide all the basic functionalities\n * needed by the library.\n *\n * Usually you don't want to override the `order`, `fn` and `onLoad` props.\n * All the other properties are configurations that could be tweaked.\n * @namespace modifiers\n */\nexport default {\n /**\n * Modifier used to shift the popper on the start or end of its reference\n * element.
      \n * It will read the variation of the `placement` property.
      \n * It can be one either `-end` or `-start`.\n * @memberof modifiers\n * @inner\n */\n shift: {\n /** @prop {number} order=100 - Index used to define the order of execution */\n order: 100,\n /** @prop {Boolean} enabled=true - Whether the modifier is enabled or not */\n enabled: true,\n /** @prop {ModifierFn} */\n fn: shift,\n },\n\n /**\n * The `offset` modifier can shift your popper on both its axis.\n *\n * It accepts the following units:\n * - `px` or unit-less, interpreted as pixels\n * - `%` or `%r`, percentage relative to the length of the reference element\n * - `%p`, percentage relative to the length of the popper element\n * - `vw`, CSS viewport width unit\n * - `vh`, CSS viewport height unit\n *\n * For length is intended the main axis relative to the placement of the popper.
      \n * This means that if the placement is `top` or `bottom`, the length will be the\n * `width`. In case of `left` or `right`, it will be the `height`.\n *\n * You can provide a single value (as `Number` or `String`), or a pair of values\n * as `String` divided by a comma or one (or more) white spaces.
      \n * The latter is a deprecated method because it leads to confusion and will be\n * removed in v2.
      \n * Additionally, it accepts additions and subtractions between different units.\n * Note that multiplications and divisions aren't supported.\n *\n * Valid examples are:\n * ```\n * 10\n * '10%'\n * '10, 10'\n * '10%, 10'\n * '10 + 10%'\n * '10 - 5vh + 3%'\n * '-10px + 5vh, 5px - 6%'\n * ```\n * > **NB**: If you desire to apply offsets to your poppers in a way that may make them overlap\n * > with their reference element, unfortunately, you will have to disable the `flip` modifier.\n * > You can read more on this at this [issue](https://github.com/FezVrasta/popper.js/issues/373).\n *\n * @memberof modifiers\n * @inner\n */\n offset: {\n /** @prop {number} order=200 - Index used to define the order of execution */\n order: 200,\n /** @prop {Boolean} enabled=true - Whether the modifier is enabled or not */\n enabled: true,\n /** @prop {ModifierFn} */\n fn: offset,\n /** @prop {Number|String} offset=0\n * The offset value as described in the modifier description\n */\n offset: 0,\n },\n\n /**\n * Modifier used to prevent the popper from being positioned outside the boundary.\n *\n * A scenario exists where the reference itself is not within the boundaries.
      \n * We can say it has \"escaped the boundaries\" — or just \"escaped\".
      \n * In this case we need to decide whether the popper should either:\n *\n * - detach from the reference and remain \"trapped\" in the boundaries, or\n * - if it should ignore the boundary and \"escape with its reference\"\n *\n * When `escapeWithReference` is set to`true` and reference is completely\n * outside its boundaries, the popper will overflow (or completely leave)\n * the boundaries in order to remain attached to the edge of the reference.\n *\n * @memberof modifiers\n * @inner\n */\n preventOverflow: {\n /** @prop {number} order=300 - Index used to define the order of execution */\n order: 300,\n /** @prop {Boolean} enabled=true - Whether the modifier is enabled or not */\n enabled: true,\n /** @prop {ModifierFn} */\n fn: preventOverflow,\n /**\n * @prop {Array} [priority=['left','right','top','bottom']]\n * Popper will try to prevent overflow following these priorities by default,\n * then, it could overflow on the left and on top of the `boundariesElement`\n */\n priority: ['left', 'right', 'top', 'bottom'],\n /**\n * @prop {number} padding=5\n * Amount of pixel used to define a minimum distance between the boundaries\n * and the popper. This makes sure the popper always has a little padding\n * between the edges of its container\n */\n padding: 5,\n /**\n * @prop {String|HTMLElement} boundariesElement='scrollParent'\n * Boundaries used by the modifier. Can be `scrollParent`, `window`,\n * `viewport` or any DOM element.\n */\n boundariesElement: 'scrollParent',\n },\n\n /**\n * Modifier used to make sure the reference and its popper stay near each other\n * without leaving any gap between the two. Especially useful when the arrow is\n * enabled and you want to ensure that it points to its reference element.\n * It cares only about the first axis. You can still have poppers with margin\n * between the popper and its reference element.\n * @memberof modifiers\n * @inner\n */\n keepTogether: {\n /** @prop {number} order=400 - Index used to define the order of execution */\n order: 400,\n /** @prop {Boolean} enabled=true - Whether the modifier is enabled or not */\n enabled: true,\n /** @prop {ModifierFn} */\n fn: keepTogether,\n },\n\n /**\n * This modifier is used to move the `arrowElement` of the popper to make\n * sure it is positioned between the reference element and its popper element.\n * It will read the outer size of the `arrowElement` node to detect how many\n * pixels of conjunction are needed.\n *\n * It has no effect if no `arrowElement` is provided.\n * @memberof modifiers\n * @inner\n */\n arrow: {\n /** @prop {number} order=500 - Index used to define the order of execution */\n order: 500,\n /** @prop {Boolean} enabled=true - Whether the modifier is enabled or not */\n enabled: true,\n /** @prop {ModifierFn} */\n fn: arrow,\n /** @prop {String|HTMLElement} element='[x-arrow]' - Selector or node used as arrow */\n element: '[x-arrow]',\n },\n\n /**\n * Modifier used to flip the popper's placement when it starts to overlap its\n * reference element.\n *\n * Requires the `preventOverflow` modifier before it in order to work.\n *\n * **NOTE:** this modifier will interrupt the current update cycle and will\n * restart it if it detects the need to flip the placement.\n * @memberof modifiers\n * @inner\n */\n flip: {\n /** @prop {number} order=600 - Index used to define the order of execution */\n order: 600,\n /** @prop {Boolean} enabled=true - Whether the modifier is enabled or not */\n enabled: true,\n /** @prop {ModifierFn} */\n fn: flip,\n /**\n * @prop {String|Array} behavior='flip'\n * The behavior used to change the popper's placement. It can be one of\n * `flip`, `clockwise`, `counterclockwise` or an array with a list of valid\n * placements (with optional variations)\n */\n behavior: 'flip',\n /**\n * @prop {number} padding=5\n * The popper will flip if it hits the edges of the `boundariesElement`\n */\n padding: 5,\n /**\n * @prop {String|HTMLElement} boundariesElement='viewport'\n * The element which will define the boundaries of the popper position.\n * The popper will never be placed outside of the defined boundaries\n * (except if `keepTogether` is enabled)\n */\n boundariesElement: 'viewport',\n /**\n * @prop {Boolean} flipVariations=false\n * The popper will switch placement variation between `-start` and `-end` when\n * the reference element overlaps its boundaries.\n *\n * The original placement should have a set variation.\n */\n flipVariations: false,\n /**\n * @prop {Boolean} flipVariationsByContent=false\n * The popper will switch placement variation between `-start` and `-end` when\n * the popper element overlaps its reference boundaries.\n *\n * The original placement should have a set variation.\n */\n flipVariationsByContent: false,\n },\n\n /**\n * Modifier used to make the popper flow toward the inner of the reference element.\n * By default, when this modifier is disabled, the popper will be placed outside\n * the reference element.\n * @memberof modifiers\n * @inner\n */\n inner: {\n /** @prop {number} order=700 - Index used to define the order of execution */\n order: 700,\n /** @prop {Boolean} enabled=false - Whether the modifier is enabled or not */\n enabled: false,\n /** @prop {ModifierFn} */\n fn: inner,\n },\n\n /**\n * Modifier used to hide the popper when its reference element is outside of the\n * popper boundaries. It will set a `x-out-of-boundaries` attribute which can\n * be used to hide with a CSS selector the popper when its reference is\n * out of boundaries.\n *\n * Requires the `preventOverflow` modifier before it in order to work.\n * @memberof modifiers\n * @inner\n */\n hide: {\n /** @prop {number} order=800 - Index used to define the order of execution */\n order: 800,\n /** @prop {Boolean} enabled=true - Whether the modifier is enabled or not */\n enabled: true,\n /** @prop {ModifierFn} */\n fn: hide,\n },\n\n /**\n * Computes the style that will be applied to the popper element to gets\n * properly positioned.\n *\n * Note that this modifier will not touch the DOM, it just prepares the styles\n * so that `applyStyle` modifier can apply it. This separation is useful\n * in case you need to replace `applyStyle` with a custom implementation.\n *\n * This modifier has `850` as `order` value to maintain backward compatibility\n * with previous versions of Popper.js. Expect the modifiers ordering method\n * to change in future major versions of the library.\n *\n * @memberof modifiers\n * @inner\n */\n computeStyle: {\n /** @prop {number} order=850 - Index used to define the order of execution */\n order: 850,\n /** @prop {Boolean} enabled=true - Whether the modifier is enabled or not */\n enabled: true,\n /** @prop {ModifierFn} */\n fn: computeStyle,\n /**\n * @prop {Boolean} gpuAcceleration=true\n * If true, it uses the CSS 3D transformation to position the popper.\n * Otherwise, it will use the `top` and `left` properties\n */\n gpuAcceleration: true,\n /**\n * @prop {string} [x='bottom']\n * Where to anchor the X axis (`bottom` or `top`). AKA X offset origin.\n * Change this if your popper should grow in a direction different from `bottom`\n */\n x: 'bottom',\n /**\n * @prop {string} [x='left']\n * Where to anchor the Y axis (`left` or `right`). AKA Y offset origin.\n * Change this if your popper should grow in a direction different from `right`\n */\n y: 'right',\n },\n\n /**\n * Applies the computed styles to the popper element.\n *\n * All the DOM manipulations are limited to this modifier. This is useful in case\n * you want to integrate Popper.js inside a framework or view library and you\n * want to delegate all the DOM manipulations to it.\n *\n * Note that if you disable this modifier, you must make sure the popper element\n * has its position set to `absolute` before Popper.js can do its work!\n *\n * Just disable this modifier and define your own to achieve the desired effect.\n *\n * @memberof modifiers\n * @inner\n */\n applyStyle: {\n /** @prop {number} order=900 - Index used to define the order of execution */\n order: 900,\n /** @prop {Boolean} enabled=true - Whether the modifier is enabled or not */\n enabled: true,\n /** @prop {ModifierFn} */\n fn: applyStyle,\n /** @prop {Function} */\n onLoad: applyStyleOnLoad,\n /**\n * @deprecated since version 1.10.0, the property moved to `computeStyle` modifier\n * @prop {Boolean} gpuAcceleration=true\n * If true, it uses the CSS 3D transformation to position the popper.\n * Otherwise, it will use the `top` and `left` properties\n */\n gpuAcceleration: undefined,\n },\n};\n\n/**\n * The `dataObject` is an object containing all the information used by Popper.js.\n * This object is passed to modifiers and to the `onCreate` and `onUpdate` callbacks.\n * @name dataObject\n * @property {Object} data.instance The Popper.js instance\n * @property {String} data.placement Placement applied to popper\n * @property {String} data.originalPlacement Placement originally defined on init\n * @property {Boolean} data.flipped True if popper has been flipped by flip modifier\n * @property {Boolean} data.hide True if the reference element is out of boundaries, useful to know when to hide the popper\n * @property {HTMLElement} data.arrowElement Node used as arrow by arrow modifier\n * @property {Object} data.styles Any CSS property defined here will be applied to the popper. It expects the JavaScript nomenclature (eg. `marginBottom`)\n * @property {Object} data.arrowStyles Any CSS property defined here will be applied to the popper arrow. It expects the JavaScript nomenclature (eg. `marginBottom`)\n * @property {Object} data.boundaries Offsets of the popper boundaries\n * @property {Object} data.offsets The measurements of popper, reference and arrow elements\n * @property {Object} data.offsets.popper `top`, `left`, `width`, `height` values\n * @property {Object} data.offsets.reference `top`, `left`, `width`, `height` values\n * @property {Object} data.offsets.arrow] `top` and `left` offsets, only one of them will be different from 0\n */\n","/**\n * @function\n * @memberof Modifiers\n * @argument {Object} data - The data object generated by `update` method\n * @argument {Object} options - Modifiers configuration and options\n * @returns {Object} The data object, properly modified\n */\nexport default function shift(data) {\n const placement = data.placement;\n const basePlacement = placement.split('-')[0];\n const shiftvariation = placement.split('-')[1];\n\n // if shift shiftvariation is specified, run the modifier\n if (shiftvariation) {\n const { reference, popper } = data.offsets;\n const isVertical = ['bottom', 'top'].indexOf(basePlacement) !== -1;\n const side = isVertical ? 'left' : 'top';\n const measurement = isVertical ? 'width' : 'height';\n\n const shiftOffsets = {\n start: { [side]: reference[side] },\n end: {\n [side]: reference[side] + reference[measurement] - popper[measurement],\n },\n };\n\n data.offsets.popper = { ...popper, ...shiftOffsets[shiftvariation] };\n }\n\n return data;\n}\n","import getOffsetParent from '../utils/getOffsetParent';\nimport getBoundaries from '../utils/getBoundaries';\nimport getSupportedPropertyName from '../utils/getSupportedPropertyName';\n\n/**\n * @function\n * @memberof Modifiers\n * @argument {Object} data - The data object generated by `update` method\n * @argument {Object} options - Modifiers configuration and options\n * @returns {Object} The data object, properly modified\n */\nexport default function preventOverflow(data, options) {\n let boundariesElement =\n options.boundariesElement || getOffsetParent(data.instance.popper);\n\n // If offsetParent is the reference element, we really want to\n // go one step up and use the next offsetParent as reference to\n // avoid to make this modifier completely useless and look like broken\n if (data.instance.reference === boundariesElement) {\n boundariesElement = getOffsetParent(boundariesElement);\n }\n\n // NOTE: DOM access here\n // resets the popper's position so that the document size can be calculated excluding\n // the size of the popper element itself\n const transformProp = getSupportedPropertyName('transform');\n const popperStyles = data.instance.popper.style; // assignment to help minification\n const { top, left, [transformProp]: transform } = popperStyles;\n popperStyles.top = '';\n popperStyles.left = '';\n popperStyles[transformProp] = '';\n\n const boundaries = getBoundaries(\n data.instance.popper,\n data.instance.reference,\n options.padding,\n boundariesElement,\n data.positionFixed\n );\n\n // NOTE: DOM access here\n // restores the original style properties after the offsets have been computed\n popperStyles.top = top;\n popperStyles.left = left;\n popperStyles[transformProp] = transform;\n\n options.boundaries = boundaries;\n\n const order = options.priority;\n let popper = data.offsets.popper;\n\n const check = {\n primary(placement) {\n let value = popper[placement];\n if (\n popper[placement] < boundaries[placement] &&\n !options.escapeWithReference\n ) {\n value = Math.max(popper[placement], boundaries[placement]);\n }\n return { [placement]: value };\n },\n secondary(placement) {\n const mainSide = placement === 'right' ? 'left' : 'top';\n let value = popper[mainSide];\n if (\n popper[placement] > boundaries[placement] &&\n !options.escapeWithReference\n ) {\n value = Math.min(\n popper[mainSide],\n boundaries[placement] -\n (placement === 'right' ? popper.width : popper.height)\n );\n }\n return { [mainSide]: value };\n },\n };\n\n order.forEach(placement => {\n const side =\n ['left', 'top'].indexOf(placement) !== -1 ? 'primary' : 'secondary';\n popper = { ...popper, ...check[side](placement) };\n });\n\n data.offsets.popper = popper;\n\n return data;\n}\n","/**\n * @function\n * @memberof Modifiers\n * @argument {Object} data - The data object generated by update method\n * @argument {Object} options - Modifiers configuration and options\n * @returns {Object} The data object, properly modified\n */\nexport default function keepTogether(data) {\n const { popper, reference } = data.offsets;\n const placement = data.placement.split('-')[0];\n const floor = Math.floor;\n const isVertical = ['top', 'bottom'].indexOf(placement) !== -1;\n const side = isVertical ? 'right' : 'bottom';\n const opSide = isVertical ? 'left' : 'top';\n const measurement = isVertical ? 'width' : 'height';\n\n if (popper[side] < floor(reference[opSide])) {\n data.offsets.popper[opSide] =\n floor(reference[opSide]) - popper[measurement];\n }\n if (popper[opSide] > floor(reference[side])) {\n data.offsets.popper[opSide] = floor(reference[side]);\n }\n\n return data;\n}\n","import getClientRect from '../utils/getClientRect';\nimport getOppositePlacement from '../utils/getOppositePlacement';\n\n/**\n * @function\n * @memberof Modifiers\n * @argument {Object} data - The data object generated by `update` method\n * @argument {Object} options - Modifiers configuration and options\n * @returns {Object} The data object, properly modified\n */\nexport default function inner(data) {\n const placement = data.placement;\n const basePlacement = placement.split('-')[0];\n const { popper, reference } = data.offsets;\n const isHoriz = ['left', 'right'].indexOf(basePlacement) !== -1;\n\n const subtractLength = ['top', 'left'].indexOf(basePlacement) === -1;\n\n popper[isHoriz ? 'left' : 'top'] =\n reference[basePlacement] -\n (subtractLength ? popper[isHoriz ? 'width' : 'height'] : 0);\n\n data.placement = getOppositePlacement(placement);\n data.offsets.popper = getClientRect(popper);\n\n return data;\n}\n","import isModifierRequired from '../utils/isModifierRequired';\nimport find from '../utils/find';\n\n/**\n * @function\n * @memberof Modifiers\n * @argument {Object} data - The data object generated by update method\n * @argument {Object} options - Modifiers configuration and options\n * @returns {Object} The data object, properly modified\n */\nexport default function hide(data) {\n if (!isModifierRequired(data.instance.modifiers, 'hide', 'preventOverflow')) {\n return data;\n }\n\n const refRect = data.offsets.reference;\n const bound = find(\n data.instance.modifiers,\n modifier => modifier.name === 'preventOverflow'\n ).boundaries;\n\n if (\n refRect.bottom < bound.top ||\n refRect.left > bound.right ||\n refRect.top > bound.bottom ||\n refRect.right < bound.left\n ) {\n // Avoid unnecessary DOM access if visibility hasn't changed\n if (data.hide === true) {\n return data;\n }\n\n data.hide = true;\n data.attributes['x-out-of-boundaries'] = '';\n } else {\n // Avoid unnecessary DOM access if visibility hasn't changed\n if (data.hide === false) {\n return data;\n }\n\n data.hide = false;\n data.attributes['x-out-of-boundaries'] = false;\n }\n\n return data;\n}\n","import setStyles from '../utils/setStyles';\nimport setAttributes from '../utils/setAttributes';\nimport getReferenceOffsets from '../utils/getReferenceOffsets';\nimport computeAutoPlacement from '../utils/computeAutoPlacement';\n\n/**\n * @function\n * @memberof Modifiers\n * @argument {Object} data - The data object generated by `update` method\n * @argument {Object} data.styles - List of style properties - values to apply to popper element\n * @argument {Object} data.attributes - List of attribute properties - values to apply to popper element\n * @argument {Object} options - Modifiers configuration and options\n * @returns {Object} The same data object\n */\nexport default function applyStyle(data) {\n // any property present in `data.styles` will be applied to the popper,\n // in this way we can make the 3rd party modifiers add custom styles to it\n // Be aware, modifiers could override the properties defined in the previous\n // lines of this modifier!\n setStyles(data.instance.popper, data.styles);\n\n // any property present in `data.attributes` will be applied to the popper,\n // they will be set as HTML attributes of the element\n setAttributes(data.instance.popper, data.attributes);\n\n // if arrowElement is defined and arrowStyles has some properties\n if (data.arrowElement && Object.keys(data.arrowStyles).length) {\n setStyles(data.arrowElement, data.arrowStyles);\n }\n\n return data;\n}\n\n/**\n * Set the x-placement attribute before everything else because it could be used\n * to add margins to the popper margins needs to be calculated to get the\n * correct popper offsets.\n * @method\n * @memberof Popper.modifiers\n * @param {HTMLElement} reference - The reference element used to position the popper\n * @param {HTMLElement} popper - The HTML element used as popper\n * @param {Object} options - Popper.js options\n */\nexport function applyStyleOnLoad(\n reference,\n popper,\n options,\n modifierOptions,\n state\n) {\n // compute reference element offsets\n const referenceOffsets = getReferenceOffsets(state, popper, reference, options.positionFixed);\n\n // compute auto placement, store placement inside the data object,\n // modifiers will be able to edit `placement` if needed\n // and refer to originalPlacement to know the original value\n const placement = computeAutoPlacement(\n options.placement,\n referenceOffsets,\n popper,\n reference,\n options.modifiers.flip.boundariesElement,\n options.modifiers.flip.padding\n );\n\n popper.setAttribute('x-placement', placement);\n\n // Apply `position` to popper before anything else because\n // without the position applied we can't guarantee correct computations\n setStyles(popper, { position: options.positionFixed ? 'fixed' : 'absolute' });\n\n return options;\n}\n"],"names":["functionToCheck","getType","toString","call","element","nodeType","window","ownerDocument","defaultView","css","getComputedStyle","property","nodeName","parentNode","host","document","body","getStyleComputedProperty","overflow","overflowX","overflowY","test","getScrollParent","getParentNode","reference","referenceNode","version","isIE11","documentElement","noOffsetParent","isIE","offsetParent","nextElementSibling","indexOf","getOffsetParent","firstElementChild","node","getRoot","element1","element2","order","compareDocumentPosition","Node","DOCUMENT_POSITION_FOLLOWING","start","end","range","createRange","setStart","setEnd","commonAncestorContainer","contains","isOffsetContainer","element1root","findCommonOffsetParent","side","upperSide","html","scrollingElement","subtract","scrollTop","getScroll","scrollLeft","modifier","top","bottom","left","right","sideA","axis","sideB","parseFloat","styles","Math","parseInt","computedStyle","getSize","offsets","width","height","rect","getBoundingClientRect","result","sizes","getWindowSizes","clientWidth","clientHeight","horizScrollbar","offsetWidth","vertScrollbar","offsetHeight","getBordersSize","getClientRect","fixedPosition","isIE10","runIsIE","isHTML","parent","childrenRect","parentRect","scrollParent","borderTopWidth","borderLeftWidth","marginTop","marginLeft","includeScroll","excludeScroll","relativeOffset","getOffsetRectRelativeToArbitraryNode","innerWidth","innerHeight","offset","isFixed","parentElement","el","boundaries","getFixedPositionOffsetParent","getReferenceNode","boundariesElement","getViewportOffsetRectRelativeToArtbitraryNode","boundariesNode","popper","padding","isPaddingNumber","placement","getBoundaries","rects","refRect","sortedAreas","Object","keys","map","getArea","sort","b","area","a","filteredAreas","filter","computedPlacement","length","key","variation","split","commonOffsetParent","x","marginBottom","y","marginRight","hash","replace","popperRect","getOuterSizes","popperOffsets","isHoriz","mainSide","secondarySide","measurement","secondaryMeasurement","referenceOffsets","getOppositePlacement","Array","prototype","find","arr","findIndex","cur","match","obj","modifiersToRun","ends","modifiers","slice","forEach","warn","fn","enabled","isFunction","data","state","isDestroyed","getReferenceOffsets","options","positionFixed","computeAutoPlacement","flip","originalPlacement","getPopperOffsets","position","runModifiers","isCreated","onUpdate","onCreate","some","name","prefixes","upperProp","charAt","toUpperCase","i","prefix","toCheck","style","isModifierEnabled","removeAttribute","willChange","getSupportedPropertyName","disableEventListeners","removeOnDestroy","removeChild","isBody","target","addEventListener","passive","push","updateBound","scrollElement","scrollParents","eventsEnabled","setupEventListeners","scheduleUpdate","removeEventListener","removeEventListeners","n","isNaN","isFinite","unit","isNumeric","value","attributes","setAttribute","round","noRound","referenceWidth","popperWidth","isVertical","isVariation","horizontalToInteger","verticalToInteger","bothOddWidth","requesting","isRequired","requested","counter","index","validPlacements","concat","reverse","str","size","useHeight","fragments","frag","trim","divider","search","splitRegex","ops","mergeWithPrevious","op","reduce","toValue","index2","basePlacement","parseOffset","min","floor","max","navigator","longerTimeoutBrowsers","isBrowser","userAgent","supportsMicroTasks","Promise","called","resolve","then","scheduled","MSInputMethodContext","documentMode","isFirefox","placements","BEHAVIORS","Popper","requestAnimationFrame","update","debounce","bind","Defaults","jquery","modifierOptions","onLoad","enableEventListeners","destroy","Utils","global","PopperUtils","shiftvariation","shiftOffsets","instance","transformProp","popperStyles","transform","priority","check","escapeWithReference","opSide","isModifierRequired","arrowElement","querySelector","len","sideCapitalized","toLowerCase","altSide","arrowElementSize","center","popperMarginSide","popperBorderSide","sideValue","arrow","flipped","placementOpposite","flipOrder","behavior","FLIP","CLOCKWISE","clockwise","COUNTERCLOCKWISE","refOffsets","overlapsRef","overflowsLeft","overflowsRight","overflowsTop","overflowsBottom","overflowsBoundaries","flippedVariationByRef","flipVariations","flippedVariationByContent","flipVariationsByContent","flippedVariation","getOppositeVariation","subtractLength","bound","hide","legacyGpuAccelerationOption","gpuAcceleration","offsetParentRect","getRoundedOffsets","devicePixelRatio","prefixedProperty","invertTop","invertLeft","arrowStyles"],"mappings":";;;sLAOA,aAAoD,OAGhDA,IAC2C,mBAA3CC,MAAQC,QAARD,CAAiBE,IAAjBF,ICJJ,eAAoE,IACzC,CAArBG,KAAQC,qBAINC,GAASF,EAAQG,aAARH,CAAsBI,YAC/BC,EAAMH,EAAOI,gBAAPJ,GAAiC,IAAjCA,QACLK,GAAWF,IAAXE,GCPT,aAA+C,OACpB,MAArBP,KAAQQ,QADiC,GAItCR,EAAQS,UAART,EAAsBA,EAAQU,KCDvC,aAAiD,IAE3C,SACKC,UAASC,YAGVZ,EAAQQ,cACT,WACA,aACIR,GAAQG,aAARH,CAAsBY,SAC1B,kBACIZ,GAAQY,YAIwBC,KAAnCC,IAAAA,SAAUC,IAAAA,UAAWC,IAAAA,UAfkB,MAgB3C,yBAAwBC,IAAxB,CAA6BH,KAA7B,CAhB2C,GAoBxCI,EAAgBC,IAAhBD,ECvBT,aAAoD,OAC3CE,IAAaA,EAAUC,aAAvBD,CAAuCA,EAAUC,aAAjDD,GCIT,aAAsC,OACpB,GAAZE,IADgC,IAIpB,EAAZA,IAJgC,IAO7BC,OCVT,aAAiD,IAC3C,SACKZ,UAASa,gBAF6B,OAKzCC,GAAiBC,EAAK,EAALA,EAAWf,SAASC,IAApBc,CAA2B,KAG9CC,EAAe3B,EAAQ2B,YAAR3B,EAAwB,IARI,CAUxC2B,OAAmC3B,EAAQ4B,kBAVH,IAW9B,CAAC5B,EAAUA,EAAQ4B,kBAAnB,EAAuCD,gBAGlDnB,GAAWmB,GAAgBA,EAAanB,SAdC,MAgB3C,IAA0B,MAAbA,IAAb,EAAiD,MAAbA,IAhBO,CAuBY,CAAC,CAA1D,uBAAsBqB,OAAtB,CAA8BF,EAAanB,QAA3C,GACuD,QAAvDK,OAAuC,UAAvCA,CAxB6C,CA0BtCiB,IA1BsC,GAiBtC9B,EAAUA,EAAQG,aAARH,CAAsBwB,eAAhCxB,CAAkDW,SAASa,6BCxBnB,IACzChB,GAAaR,EAAbQ,SADyC,MAEhC,MAAbA,IAF6C,GAMlC,MAAbA,MAAuBsB,EAAgB9B,EAAQ+B,iBAAxBD,KANwB,ECKnD,aAAsC,OACZ,KAApBE,KAAKvB,UAD2B,GAE3BwB,EAAQD,EAAKvB,UAAbwB,ECGX,eAAmE,IAE7D,IAAa,CAACC,EAASjC,QAAvB,EAAmC,EAAnC,EAAgD,CAACkC,EAASlC,eACrDU,UAASa,mBAIZY,GACJF,EAASG,uBAATH,IACAI,KAAKC,4BACDC,EAAQJ,MACRK,EAAML,MAGNM,EAAQ/B,SAASgC,WAAThC,KACRiC,WAAgB,EAf2C,GAgB3DC,SAAY,EAhB+C,IAiBzDC,GAA4BJ,EAA5BI,2BAILZ,OACCC,KADDD,EAEDM,EAAMO,QAANP,UAEIQ,QAIGlB,QAIHmB,GAAehB,KAjC4C,MAkC7DgB,GAAavC,IAlCgD,CAmCxDwC,EAAuBD,EAAavC,IAApCwC,GAnCwD,CAqCxDA,IAAiCjB,KAAkBvB,IAAnDwC,ECzCX,aAAyD,IAAdC,0DAAO,MAC1CC,EAAqB,KAATD,KAAiB,WAAjBA,CAA+B,aAC3C3C,EAAWR,EAAQQ,YAER,MAAbA,MAAoC,MAAbA,KAAqB,IACxC6C,GAAOrD,EAAQG,aAARH,CAAsBwB,gBAC7B8B,EAAmBtD,EAAQG,aAARH,CAAsBsD,gBAAtBtD,UAClBsD,YAGFtD,MCPT,eAAuE,IAAlBuD,4CAAAA,eAC7CC,EAAYC,IAAmB,KAAnBA,EACZC,EAAaD,IAAmB,MAAnBA,EACbE,EAAWJ,EAAW,CAAC,CAAZA,CAAgB,WAC5BK,KAAOJ,MACPK,QAAUL,MACVM,MAAQJ,MACRK,OAASL,MCRhB,eAAqD,IAC7CM,GAAiB,GAATC,KAAe,MAAfA,CAAwB,MAChCC,EAAkB,MAAVF,IAAmB,OAAnBA,CAA6B,eAGzCG,YAAWC,oBAAAA,CAAXD,EACAA,WAAWC,oBAAAA,CAAXD,qBCd8C,OACzCE,IACLzD,YAAAA,CADKyD,CAELzD,YAAAA,CAFKyD,CAGLhB,YAAAA,CAHKgB,CAILhB,YAAAA,CAJKgB,CAKLhB,YAAAA,CALKgB,CAML3C,EAAK,EAALA,EACK4C,SAASjB,YAAAA,CAATiB,EACHA,SAASC,YAAgC,QAATN,KAAoB,KAApBA,CAA4B,OAAnDM,CAATD,CADGA,CAEHA,SAASC,YAAgC,QAATN,KAAoB,QAApBA,CAA+B,QAAtDM,CAATD,CAHF5C,CAIE,CAVG2C,EAcT,aAAiD,IACzCzD,GAAOD,EAASC,KAChByC,EAAO1C,EAASa,gBAChB+C,EAAgB7C,EAAK,EAALA,GAAYpB,0BAE3B,QACGkE,EAAQ,QAARA,OADH,OAEEA,EAAQ,OAARA,OAFF,ECfT,aAA+C,uBAGpCC,EAAQX,IAARW,CAAeA,EAAQC,aACtBD,EAAQb,GAARa,CAAcA,EAAQE,SCGlC,aAAuD,IACjDC,SAKA,IACElD,EAAK,EAALA,EAAU,GACL1B,EAAQ6E,qBAAR7E,EADK,IAENwD,GAAYC,IAAmB,KAAnBA,EACZC,EAAaD,IAAmB,MAAnBA,IACdG,MAJO,GAKPE,OALO,GAMPD,SANO,GAOPE,QAPP,QAUS/D,EAAQ6E,qBAAR7E,EAXX,CAcA,QAAQ,KAEF8E,GAAS,MACPF,EAAKd,IADE,KAERc,EAAKhB,GAFG,OAGNgB,EAAKb,KAALa,CAAaA,EAAKd,IAHZ,QAILc,EAAKf,MAALe,CAAcA,EAAKhB,GAJd,EAQTmB,EAA6B,MAArB/E,KAAQQ,QAARR,CAA8BgF,EAAehF,EAAQG,aAAvB6E,CAA9BhF,IACR0E,EACJK,EAAML,KAANK,EAAe/E,EAAQiF,WAAvBF,EAAsCD,EAAOJ,MACzCC,EACJI,EAAMJ,MAANI,EAAgB/E,EAAQkF,YAAxBH,EAAwCD,EAAOH,OAE7CQ,EAAiBnF,EAAQoF,WAARpF,GACjBqF,EAAgBrF,EAAQsF,YAARtF,MAIhBmF,KAAiC,IAC7Bf,GAASvD,QACG0E,IAAuB,GAAvBA,CAFiB,IAGlBA,IAAuB,GAAvBA,CAHkB,GAK5Bb,QAL4B,GAM5BC,gBAGFa,qBCzD6F,IAAvBC,4CAAAA,eACvEC,EAASC,EAAQ,EAARA,EACTC,EAA6B,MAApBC,KAAOrF,SAChBsF,EAAejB,KACfkB,EAAalB,KACbmB,EAAe9E,KAEfkD,EAASvD,KACToF,EAAiB9B,WAAWC,EAAO6B,cAAlB9B,EACjB+B,EAAkB/B,WAAWC,EAAO8B,eAAlB/B,EAGrBsB,IAZiG,KAavF7B,IAAMS,GAAS0B,EAAWnC,GAApBS,CAAyB,CAAzBA,CAbiF,GAcvFP,KAAOO,GAAS0B,EAAWjC,IAApBO,CAA0B,CAA1BA,CAdgF,KAgBhGI,GAAUe,EAAc,KACrBM,EAAalC,GAAbkC,CAAmBC,EAAWnC,GAA9BkC,EADqB,MAEpBA,EAAahC,IAAbgC,CAAoBC,EAAWjC,IAA/BgC,EAFoB,OAGnBA,EAAapB,KAHM,QAIlBoB,EAAanB,MAJK,CAAda,OAMNW,UAAY,IACZC,WAAa,EAMjB,MAAmB,IACfD,GAAYhC,WAAWC,EAAO+B,SAAlBhC,EACZiC,EAAajC,WAAWC,EAAOgC,UAAlBjC,IAEXP,KAAOqC,GAJM,GAKbpC,QAAUoC,GALG,GAMbnC,MAAQoC,GANK,GAObnC,OAASmC,GAPI,GAUbC,WAVa,GAWbC,oBAIRV,GAAU,EAAVA,CACIG,EAAO9C,QAAP8C,GADJH,CAEIG,OAAqD,MAA1BG,KAAaxF,cAElC6F,uBCnDwF,IAAvBC,4CAAAA,eACvEjD,EAAOrD,EAAQG,aAARH,CAAsBwB,gBAC7B+E,EAAiBC,OACjB9B,EAAQL,GAAShB,EAAK4B,WAAdZ,CAA2BnE,OAAOuG,UAAPvG,EAAqB,CAAhDmE,EACRM,EAASN,GAAShB,EAAK6B,YAAdb,CAA4BnE,OAAOwG,WAAPxG,EAAsB,CAAlDmE,EAETb,EAAY,EAAmC,CAAnC,CAAiBC,KAC7BC,EAAa,EAA2C,CAA3C,CAAiBD,IAAgB,MAAhBA,EAE9BkD,EAAS,KACRnD,EAAY+C,EAAe3C,GAA3BJ,CAAiC+C,EAAeJ,SADxC,MAEPzC,EAAa6C,EAAezC,IAA5BJ,CAAmC6C,EAAeH,UAF3C,QAAA,SAAA,QAORZ,MCTT,aAAyC,IACjChF,GAAWR,EAAQQ,YACR,MAAbA,MAAoC,MAAbA,iBAG2B,OAAlDK,OAAkC,UAAlCA,cAGEJ,GAAaU,KARoB,WAYhCyF,KCbT,aAA8D,IAEvD,IAAY,CAAC5G,EAAQ6G,aAArB,EAAsCnF,UAClCf,UAASa,gBAH0C,OAKxDsF,GAAK9G,EAAQ6G,aAL2C,CAMrDC,GAAoD,MAA9CjG,OAA6B,WAA7BA,CAN+C,IAOrDiG,EAAGD,oBAEHC,IAAMnG,SAASa,gBCExB,mBAME,IADAiE,4CAAAA,eAIIsB,EAAa,CAAEnD,IAAK,CAAP,CAAUE,KAAM,CAAhB,EACXnC,EAAe8D,EAAgBuB,IAAhBvB,CAAuDvC,IAA+B+D,IAA/B/D,KAGlD,UAAtBgE,OACWC,WAGV,IAECC,GACsB,cAAtBF,IAHD,IAIgBhG,EAAgBC,IAAhBD,CAJhB,CAK+B,MAA5BkG,KAAe5G,QALlB,KAMkB6G,EAAOlH,aAAPkH,CAAqB7F,eANvC,GAQ8B,QAAtB0F,IARR,GASgBG,EAAOlH,aAAPkH,CAAqB7F,eATrC,IAAA,IAcGiD,GAAU+B,YAOgB,MAA5BY,KAAe5G,QAAf4G,EAAsC,CAACR,KAAuB,OACtC5B,EAAeqC,EAAOlH,aAAtB6E,EAAlBL,IAAAA,OAAQD,IAAAA,QACLd,KAAOa,EAAQb,GAARa,CAAcA,EAAQ0B,SAFwB,GAGrDtC,OAASc,EAASF,EAAQb,GAH2B,GAIrDE,MAAQW,EAAQX,IAARW,CAAeA,EAAQ2B,UAJsB,GAKrDrC,MAAQW,EAAQD,EAAQX,IALrC,YAaQwD,GAAW,CA7CrB,IA8CMC,GAAqC,QAAnB,oBACbzD,MAAQyD,IAA4BD,EAAQxD,IAARwD,EAAgB,IACpD1D,KAAO2D,IAA4BD,EAAQ1D,GAAR0D,EAAe,IAClDvD,OAASwD,IAA4BD,EAAQvD,KAARuD,EAAiB,IACtDzD,QAAU0D,IAA4BD,EAAQzD,MAARyD,EAAkB,iBC3EjC,IAAjB5C,KAAAA,MAAOC,IAAAA,aACjBD,KAYT,qBAOE,IADA4C,0DAAU,KAEwB,CAAC,CAA/BE,KAAU3F,OAAV2F,CAAkB,MAAlBA,cAIET,GAAaU,WAObC,EAAQ,KACP,OACIX,EAAWrC,KADf,QAEKiD,EAAQ/D,GAAR+D,CAAcZ,EAAWnD,GAF9B,CADO,OAKL,OACEmD,EAAWhD,KAAXgD,CAAmBY,EAAQ5D,KAD7B,QAEGgD,EAAWpC,MAFd,CALK,QASJ,OACCoC,EAAWrC,KADZ,QAEEqC,EAAWlD,MAAXkD,CAAoBY,EAAQ9D,MAF9B,CATI,MAaN,OACG8D,EAAQ7D,IAAR6D,CAAeZ,EAAWjD,IAD7B,QAEIiD,EAAWpC,MAFf,CAbM,EAmBRiD,EAAcC,OAAOC,IAAPD,IACjBE,GADiBF,CACb,8BAEAH,WACGM,EAAQN,IAARM,GAJU,CAAAH,EAMjBI,IANiBJ,CAMZ,oBAAUK,GAAEC,IAAFD,CAASE,EAAED,IANT,CAAAN,EAQdQ,EAAgBT,EAAYU,MAAZV,CACpB,eAAGlD,KAAAA,MAAOC,IAAAA,aACRD,IAAS2C,EAAOpC,WAAhBP,EAA+BC,GAAU0C,EAAOnC,YAF9B,CAAA0C,EAKhBW,EAA2C,CAAvBF,GAAcG,MAAdH,CACtBA,EAAc,CAAdA,EAAiBI,GADKJ,CAEtBT,EAAY,CAAZA,EAAea,IAEbC,EAAYlB,EAAUmB,KAAVnB,CAAgB,GAAhBA,EAAqB,CAArBA,QAEXe,IAAqBG,OAAAA,CAA8B,EAAnDH,ECzDT,iBAA4F,IAAtB9C,0DAAgB,KAC9EmD,EAAqBnD,EAAgBuB,IAAhBvB,CAAuDvC,IAA+B+D,IAA/B/D,QAC3EsD,UCVT,aAA+C,IACvCtG,GAASF,EAAQG,aAARH,CAAsBI,YAC/BgE,EAASlE,EAAOI,gBAAPJ,IACT2I,EAAI1E,WAAWC,EAAO+B,SAAP/B,EAAoB,CAA/BD,EAAoCA,WAAWC,EAAO0E,YAAP1E,EAAuB,CAAlCD,EACxC4E,EAAI5E,WAAWC,EAAOgC,UAAPhC,EAAqB,CAAhCD,EAAqCA,WAAWC,EAAO4E,WAAP5E,EAAsB,CAAjCD,EACzCW,EAAS,OACN9E,EAAQoF,WAARpF,EADM,QAELA,EAAQsF,YAARtF,EAFK,WCLjB,aAAwD,IAChDiJ,GAAO,CAAEnF,KAAM,OAAR,CAAiBC,MAAO,MAAxB,CAAgCF,OAAQ,KAAxC,CAA+CD,IAAK,QAApD,QACN4D,GAAU0B,OAAV1B,CAAkB,wBAAlBA,CAA4C,kBAAWyB,KAAvD,CAAAzB,ECIT,iBAA8E,GAChEA,EAAUmB,KAAVnB,CAAgB,GAAhBA,EAAqB,CAArBA,CADgE,IAItE2B,GAAaC,KAGbC,EAAgB,OACbF,EAAWzE,KADE,QAEZyE,EAAWxE,MAFC,EAMhB2E,EAAmD,CAAC,CAA1C,oBAAkBzH,OAAlB,IACV0H,EAAWD,EAAU,KAAVA,CAAkB,OAC7BE,EAAgBF,EAAU,MAAVA,CAAmB,MACnCG,EAAcH,EAAU,QAAVA,CAAqB,QACnCI,EAAuB,EAAsB,OAAtB,CAAW,qBAGtCC,KACAA,KAAgC,CADhCA,CAEAR,KAA0B,OACxB3B,MAEAmC,KAAkCR,KAGlCQ,EAAiBC,IAAjBD,IChCN,eAAyC,OAEnCE,OAAMC,SAAND,CAAgBE,IAFmB,CAG9BC,EAAID,IAAJC,GAH8B,CAOhCA,EAAI1B,MAAJ0B,IAAkB,CAAlBA,ECLT,iBAAoD,IAE9CH,MAAMC,SAAND,CAAgBI,gBACXD,GAAIC,SAAJD,CAAc,kBAAOE,SAArB,CAAAF,KAIHG,GAAQJ,IAAU,kBAAOK,SAAjB,CAAAL,QACPC,GAAInI,OAAJmI,ICLT,iBAA4D,IACpDK,GAAiBC,aAEnBC,EAAUC,KAAVD,CAAgB,CAAhBA,CAAmBN,IAAqB,MAArBA,GAAnBM,WAEWE,QAAQ,WAAY,CAC7B9G,EAAS,UAATA,CAD6B,UAEvB+G,KAAK,wDAFkB,IAI3BC,GAAKhH,EAAS,UAATA,GAAwBA,EAASgH,GACxChH,EAASiH,OAATjH,EAAoBkH,IALS,KAS1BpG,QAAQ4C,OAAS7B,EAAcsF,EAAKrG,OAALqG,CAAazD,MAA3B7B,CATS,GAU1Bf,QAAQrD,UAAYoE,EAAcsF,EAAKrG,OAALqG,CAAa1J,SAA3BoE,CAVM,GAYxBmF,MAZwB,CAAnC,KCPF,YAAiC,KAE3B,KAAKI,KAAL,CAAWC,gBAIXF,GAAO,UACC,IADD,UAAA,eAAA,cAAA,WAAA,WAAA,IAUNrG,QAAQrD,UAAY6J,EACvB,KAAKF,KADkBE,CAEvB,KAAK5D,MAFkB4D,CAGvB,KAAK7J,SAHkB6J,CAIvB,KAAKC,OAAL,CAAaC,aAJUF,IAUpBzD,UAAY4D,EACf,KAAKF,OAAL,CAAa1D,SADE4D,CAEfN,EAAKrG,OAALqG,CAAa1J,SAFEgK,CAGf,KAAK/D,MAHU+D,CAIf,KAAKhK,SAJUgK,CAKf,KAAKF,OAAL,CAAaX,SAAb,CAAuBc,IAAvB,CAA4BnE,iBALbkE,CAMf,KAAKF,OAAL,CAAaX,SAAb,CAAuBc,IAAvB,CAA4B/D,OANb8D,IAUZE,kBAAoBR,EAAKtD,YAEzB2D,cAAgB,KAAKD,OAAL,CAAaC,gBAG7B1G,QAAQ4C,OAASkE,EACpB,KAAKlE,MADekE,CAEpBT,EAAKrG,OAALqG,CAAa1J,SAFOmK,CAGpBT,EAAKtD,SAHe+D,IAMjB9G,QAAQ4C,OAAOmE,SAAW,KAAKN,OAAL,CAAaC,aAAb,CAC3B,OAD2B,CAE3B,aAGGM,EAAa,KAAKlB,SAAlBkB,IAIF,KAAKV,KAAL,CAAWW,eAITR,QAAQS,kBAHRZ,MAAMW,kBACNR,QAAQU,cChEjB,eAAmE,OAC1DrB,GAAUsB,IAAVtB,CACL,eAAGuB,KAAAA,KAAMlB,IAAAA,cAAcA,IAAWkB,KAD7B,CAAAvB,ECAT,aAA2D,KAIpD,GAHCwB,+BAGD,CAFCC,EAAYzL,EAAS0L,MAAT1L,CAAgB,CAAhBA,EAAmB2L,WAAnB3L,GAAmCA,EAASiK,KAATjK,CAAe,CAAfA,CAEhD,CAAI4L,EAAI,EAAGA,EAAIJ,EAASvD,OAAQ2D,IAAK,IAClCC,GAASL,KACTM,EAAUD,QAAAA,MAC4B,WAAxC,QAAOzL,UAASC,IAATD,CAAc2L,KAAd3L,mBAIN,MCVT,YAAkC,aAC3BoK,MAAMC,eAGPuB,EAAkB,KAAKhC,SAAvBgC,CAAkC,YAAlCA,SACGlF,OAAOmF,gBAAgB,oBACvBnF,OAAOiF,MAAMd,SAAW,QACxBnE,OAAOiF,MAAM1I,IAAM,QACnByD,OAAOiF,MAAMxI,KAAO,QACpBuD,OAAOiF,MAAMvI,MAAQ,QACrBsD,OAAOiF,MAAMzI,OAAS,QACtBwD,OAAOiF,MAAMG,WAAa,QAC1BpF,OAAOiF,MAAMI,EAAyB,WAAzBA,GAAyC,SAGxDC,wBAID,KAAKzB,OAAL,CAAa0B,sBACVvF,OAAO5G,WAAWoM,YAAY,KAAKxF,QAEnC,KCzBT,aAA2C,IACnClH,GAAgBH,EAAQG,oBACvBA,GAAgBA,EAAcC,WAA9BD,CAA4CD,0BCJwB,IACrE4M,GAAmC,MAA1B9G,KAAaxF,SACtBuM,EAASD,EAAS9G,EAAa7F,aAAb6F,CAA2B5F,WAApC0M,KACRE,qBAAkC,CAAEC,UAAF,EAHkC,MAOvE/L,EAAgB6L,EAAOtM,UAAvBS,QAPuE,GAa7DgM,QAShB,mBAKE,GAEMC,aAFN,MAGqBH,iBAAiB,SAAUjC,EAAMoC,YAAa,CAAEF,UAAF,EAHnE,IAMMG,GAAgBlM,gBAGpB,SACA6J,EAAMoC,YACNpC,EAAMsC,iBAEFD,kBACAE,mBCpCR,YAA+C,CACxC,KAAKvC,KAAL,CAAWuC,aAD6B,QAEtCvC,MAAQwC,EACX,KAAKnM,SADMmM,CAEX,KAAKrC,OAFMqC,CAGX,KAAKxC,KAHMwC,CAIX,KAAKC,cAJMD,CAF8B,ECA/C,eAA+D,aAExCE,oBAAoB,SAAU1C,EAAMoC,eAGnDE,cAAc5C,QAAQ,WAAU,GAC7BgD,oBAAoB,SAAU1C,EAAMoC,YAD7C,KAKMA,YAAc,OACdE,mBACAD,cAAgB,OAChBE,mBCZR,YAAgD,CAC1C,KAAKvC,KAAL,CAAWuC,aAD+B,wBAEvB,KAAKE,eAFkB,MAGvCzC,MAAQ2C,EAAqB,KAAKtM,SAA1BsM,CAAqC,KAAK3C,KAA1C2C,CAH+B,ECFhD,aAAqC,OACtB,EAANC,MAAY,CAACC,MAAMzJ,aAANyJ,CAAbD,EAAqCE,YCE9C,eAAmD,QAC1C/F,QAAa2C,QAAQ,WAAQ,IAC9BqD,GAAO,GAIP,CAAC,CADH,oDAAsDjM,OAAtD,KAEAkM,EAAU3J,IAAV2J,CANgC,KAQzB,IARyB,IAU1BzB,SAAclI,MAVxB,GCHF,eAA2D,QAClD0D,QAAiB2C,QAAQ,WAAe,IACvCuD,GAAQC,KACVD,MAFyC,GAKnCxB,kBALmC,GAGnC0B,eAAmBD,KAH/B,GCUF,eAA6D,OAC7BnD,EAAKrG,QAA3B4C,IAAAA,OAAQjG,IAAAA,UACR+M,IACFC,EAAU,oBAAhB,EAEMC,EAAiBF,EAAM/M,EAAUsD,KAAhByJ,EACjBG,EAAcH,EAAM9G,EAAO3C,KAAbyJ,EAEdI,EAA2D,CAAC,CAA/C,oBAAkB1M,OAAlB,CAA0BiJ,EAAKtD,SAA/B,EACbgH,EAA8C,CAAC,CAAjC1D,KAAKtD,SAALsD,CAAejJ,OAAfiJ,CAAuB,GAAvBA,EAId2D,EAAsB,EAExBF,MALoBF,EAAiB,CAAjBA,EAAuBC,EAAc,CAKzDC,IAFwB,GAKtBG,EAAoB,YAEnB,MACCD,EAVoC,CAAvBJ,IAAiB,CAAjBA,EAAgD,CAApBC,IAAc,CAW3DK,EAAgB,EAAhBA,IACItH,EAAOvD,IAAPuD,CAAc,CADlBsH,CAEItH,EAAOvD,IAHP2K,CADD,KAMAC,EAAkBrH,EAAOzD,GAAzB8K,CANA,QAOGA,EAAkBrH,EAAOxD,MAAzB6K,CAPH,OAQED,EAAoBpH,EAAOtD,KAA3B0K,CARF,EC3BT,iBAIE,IACMG,GAAa7E,IAAgB,eAAG+B,KAAAA,WAAWA,MAA9B,CAAA/B,EAEb8E,EACJ,CAAC,EAAD,EACAtE,EAAUsB,IAAVtB,CAAe,WAAY,OAEvB5G,GAASmI,IAATnI,MACAA,EAASiH,OADTjH,EAEAA,EAASvB,KAATuB,CAAiBiL,EAAWxM,KAJhC,CAAAmI,KAQE,GAAa,IACTqE,qBAEElE,cACHoE,4BAAAA,8DAAAA,iBC1BT,aAAwD,OACpC,KAAdpG,IADkD,CAE7C,OAF6C,CAG7B,OAAdA,IAH2C,CAI7C,KAJ6C,GCQxD,aAA8D,IAAjBqG,4CAAAA,eACrCC,EAAQC,GAAgBpN,OAAhBoN,IACRjF,EAAMiF,GACTzE,KADSyE,CACHD,EAAQ,CADLC,EAETC,MAFSD,CAEFA,GAAgBzE,KAAhByE,CAAsB,CAAtBA,GAFEA,QAGLF,GAAU/E,EAAImF,OAAJnF,EAAV+E,GCJT,mBAA2E,IAEnEpG,GAAQyG,EAAIjF,KAAJiF,CAAU,2BAAVA,EACRpB,EAAQ,CAACrF,EAAM,CAANA,EACTmF,EAAOnF,EAAM,CAANA,KAGT,eAIsB,CAAtBmF,KAAKjM,OAALiM,CAAa,GAAbA,EAAyB,IACvB9N,iBAEG,mBAGA,QACA,qBAKD4E,GAAOY,WACNZ,MAAoB,GAApBA,EAbT,CAcO,GAAa,IAATkJ,MAA0B,IAATA,IAArB,CAAoC,IAErCuB,YACS,IAATvB,KACKzJ,GACL1D,SAASa,eAATb,CAAyBuE,YADpBb,CAELnE,OAAOwG,WAAPxG,EAAsB,CAFjBmE,EAKAA,GACL1D,SAASa,eAATb,CAAyBsE,WADpBZ,CAELnE,OAAOuG,UAAPvG,EAAqB,CAFhBmE,EAKFgL,EAAO,GAAPA,EAdF,UAiCT,mBAKE,IACM5K,SAKA6K,EAAyD,CAAC,CAA9C,oBAAkBzN,OAAlB,IAIZ0N,EAAY5I,EAAOgC,KAAPhC,CAAa,SAAbA,EAAwBoB,GAAxBpB,CAA4B,kBAAQ6I,GAAKC,IAALD,EAApC,CAAA7I,EAIZ+I,EAAUH,EAAU1N,OAAV0N,CACdxF,IAAgB,kBAAgC,CAAC,CAAzByF,KAAKG,MAALH,CAAY,MAAZA,CAAxB,CAAAzF,CADcwF,EAIZA,MAA0D,CAAC,CAArCA,QAAmB1N,OAAnB0N,CAA2B,GAA3BA,CAlB1B,UAmBU7E,KACN,+EApBJ,IA0BMkF,GAAa,cACfC,EAAkB,CAAC,CAAbH,KASN,GATMA,CACN,CACEH,EACG/E,KADH+E,CACS,CADTA,IAEGL,MAFHK,CAEU,CAACA,KAAmB5G,KAAnB4G,IAAqC,CAArCA,CAAD,CAFVA,CADF,CAIE,CAACA,KAAmB5G,KAAnB4G,IAAqC,CAArCA,CAAD,EAA0CL,MAA1C,CACEK,EAAU/E,KAAV+E,CAAgBG,EAAU,CAA1BH,CADF,CAJF,WAWEM,EAAI9H,GAAJ8H,CAAQ,aAAe,IAErBpG,GAAc,CAAW,CAAVuF,KAAc,EAAdA,EAAD,EAChB,QADgB,CAEhB,QACAc,WAEFC,GAGGC,MAHHD,CAGU,aAAU,OACQ,EAApB3H,KAAEA,EAAEI,MAAFJ,CAAW,CAAbA,GAAoD,CAAC,CAA3B,aAAWvG,OAAX,GADd,IAEZuG,EAAEI,MAAFJ,CAAW,IAFC,KAAA,SAMZA,EAAEI,MAAFJ,CAAW,KANC,KAAA,IAUPA,EAAE8G,MAAF9G,GAbb,CAAA2H,KAiBGhI,GAjBHgI,CAiBO,kBAAOE,WAjBd,CAAAF,CAPE,CAAAF,IA6BFpF,QAAQ,aAAe,GACtBA,QAAQ,aAAkB,CACvBsD,IADuB,SAEPyB,GAA2B,GAAnBO,KAAGG,EAAS,CAAZH,EAAyB,CAAC,CAA1BA,CAA8B,CAAtCP,CAFO,CAA7B,EADF,KAmBF,eAAiD,IAI3C/K,GAJiCkC,IAAAA,OAC7Ba,EAA8CsD,EAA9CtD,YAA8CsD,EAAnCrG,QAAW4C,IAAAA,OAAQjG,IAAAA,UAChC+O,EAAgB3I,EAAUmB,KAAVnB,CAAgB,GAAhBA,EAAqB,CAArBA,WAGlBuG,EAAU,EAAVA,EACQ,CAAC,EAAD,CAAU,CAAV,EAEAqC,WAGU,MAAlBD,QACKvM,KAAOa,EAAQ,CAARA,IACPX,MAAQW,EAAQ,CAARA,GACY,OAAlB0L,QACFvM,KAAOa,EAAQ,CAARA,IACPX,MAAQW,EAAQ,CAARA,GACY,KAAlB0L,QACFrM,MAAQW,EAAQ,CAARA,IACRb,KAAOa,EAAQ,CAARA,GACa,QAAlB0L,SACFrM,MAAQW,EAAQ,CAARA,IACRb,KAAOa,EAAQ,CAARA,KAGX4C,iBChHgBhD,KAAKgM,ML1DDhM,KAAViM,QAAUjM,KAAjB8J,S5BlBD9J,KAAKkM,OkCHmB,WAAlB,QAAOrQ,OAAP,EAAqD,WAApB,QAAOS,SAAxC,EAAyF,WAArB,QAAO6P,6BCInF,GADCC,+BACD,CAAItE,EAAI,EAAGA,EAAIsE,EAAsBjI,OAAQ2D,GAAK,KACjDuE,IAAsE,CAAzDF,YAAUG,SAAVH,CAAoB3O,OAApB2O,CAA4BC,IAA5BD,QACR,SAGJ,EAPgB,IAqCnBI,GAAqBF,IAAaxQ,OAAO2Q,WAY/BD,GAvChB,WAAsC,IAChCE,YACG,WAAM,SAAA,QAKJD,QAAQE,UAAUC,KAAK,UAAM,KAAA,IAApC,EALW,CAAb,EAqCcJ,CAzBhB,WAAiC,IAC3BK,YACG,WAAM,SAAA,YAGE,UAAM,KAAA,IAAjB,KAHS,CAAb,G3C1BI1P,GAASmP,IAAa,CAAC,EAAExQ,OAAOgR,oBAAPhR,EAA+BS,SAASwQ,YAA1C,EACvBzL,GAASgL,IAAa,UAAUzP,IAAV,CAAeuP,UAAUG,SAAzB,gnB4CItBS,GAAYV,IAAa,WAAWzP,IAAX,CAAgBuP,UAAUG,SAA1B,wKLJzB1B,GAAkBoC,GAAW7G,KAAX6G,CAAiB,CAAjBA,EMKlBC,GAAY,MACV,MADU,WAEL,WAFK,kBAGE,kBAHF,ECIGC,6BAS0B,YAAdrG,sEAAc,MAyF7CsC,eAAiB,iBAAMgE,uBAAsB,EAAKC,MAA3BD,CAzFsB,CAAA,MAEtCC,OAASC,GAAS,KAAKD,MAAL,CAAYE,IAAZ,CAAiB,IAAjB,CAATD,CAF6B,MAKtCxG,cAAeqG,EAAOK,WALgB,MAQtC7G,MAAQ,eAAA,aAAA,iBAAA,CAR8B,MAetC3J,UAAYA,GAAaA,EAAUyQ,MAAvBzQ,CAAgCA,EAAU,CAAVA,CAAhCA,EAf0B,MAgBtCiG,OAASA,GAAUA,EAAOwK,MAAjBxK,CAA0BA,EAAO,CAAPA,CAA1BA,EAhB6B,MAmBtC6D,QAAQX,YAnB8B,QAoBpCzC,WACFyJ,EAAOK,QAAPL,CAAgBhH,UAChBW,EAAQX,YACVE,QAAQ,WAAQ,GACZS,QAAQX,mBAEPgH,EAAOK,QAAPL,CAAgBhH,SAAhBgH,QAEArG,EAAQX,SAARW,CAAoBA,EAAQX,SAARW,GAApBA,IARR,EApB2C,MAiCtCX,UAAY1C,OAAOC,IAAPD,CAAY,KAAKqD,OAAL,CAAaX,SAAzB1C,EACdE,GADcF,CACV,+BAEA,EAAKqD,OAAL,CAAaX,SAAb,IAHU,CAAA1C,EAMdI,IANcJ,CAMT,oBAAUO,GAAEhG,KAAFgG,CAAUF,EAAE9F,KANb,CAAAyF,CAjC0B,MA6CtC0C,UAAUE,QAAQ,WAAmB,CACpCqH,EAAgBlH,OAAhBkH,EAA2BjH,EAAWiH,EAAgBC,MAA3BlH,CADS,IAEtBkH,OACd,EAAK3Q,UACL,EAAKiG,OACL,EAAK6D,UAEL,EAAKH,MAPX,EA7C2C,MA0DtC0G,QA1DsC,IA4DrCnE,GAAgB,KAAKpC,OAAL,CAAaoC,cA5DQ,QA+DpC0E,sBA/DoC,MAkEtCjH,MAAMuC,2DAKJ,OACAmE,GAAO1R,IAAP0R,CAAY,IAAZA,mCAEC,OACDQ,GAAQlS,IAARkS,CAAa,IAAbA,gDAEc,OACdD,GAAqBjS,IAArBiS,CAA0B,IAA1BA,iDAEe,OACfrF,GAAsB5M,IAAtB4M,CAA2B,IAA3BA,iBA1FU4E,IAoHZW,KApHYX,CAoHJ,CAAmB,WAAlB,QAAOrR,OAAP,CAAyCiS,MAAzC,CAAgCjS,MAAjC,EAAkDkS,YApH9Cb,GAsHZF,UAtHYE,IAAAA,GAwHZK,QAxHYL,CCMN,WAKF,QALE,iBAAA,iBAAA,mBAAA,UAgCH,UAAM,CAhCH,CAAA,UA0CH,UAAM,CA1CH,CAAA,WCcA,OASN,OAEE,GAFF,WAAA,IClCT,WAAoC,IAC5B/J,GAAYsD,EAAKtD,UACjB2I,EAAgB3I,EAAUmB,KAAVnB,CAAgB,GAAhBA,EAAqB,CAArBA,EAChB6K,EAAiB7K,EAAUmB,KAAVnB,CAAgB,GAAhBA,EAAqB,CAArBA,OAGH,OACYsD,EAAKrG,QAA3BrD,IAAAA,UAAWiG,IAAAA,OACbkH,EAA0D,CAAC,CAA9C,oBAAkB1M,OAAlB,IACbsB,EAAOoL,EAAa,MAAbA,CAAsB,MAC7B9E,EAAc8E,EAAa,OAAbA,CAAuB,SAErC+D,EAAe,eACFlR,KADE,aAGTA,KAAkBA,IAAlBA,CAA2CiG,KAHlC,IAOhB5C,QAAQ4C,eAAyBiL,eDejC,CATM,QAwDL,OAEC,GAFD,WAAA,KAAA,QAUE,CAVF,CAxDK,iBAsFI,OAER,GAFQ,WAAA,IE3GnB,aAAuD,IACjDpL,GACFgE,EAAQhE,iBAARgE,EAA6BpJ,EAAgBgJ,EAAKyH,QAALzH,CAAczD,MAA9BvF,EAK3BgJ,EAAKyH,QAALzH,CAAc1J,SAAd0J,IAPiD,KAQ/BhJ,IAR+B,KAc/C0Q,GAAgB9F,EAAyB,WAAzBA,EAChB+F,EAAe3H,EAAKyH,QAALzH,CAAczD,MAAdyD,CAAqBwB,MAClC1I,EAA0C6O,EAA1C7O,IAAKE,EAAqC2O,EAArC3O,KAAuB4O,EAAcD,OACrC7O,IAAM,EAjBkC,GAkBxCE,KAAO,EAlBiC,MAmBvB,EAnBuB,IAqB/CiD,GAAaU,EACjBqD,EAAKyH,QAALzH,CAAczD,MADGI,CAEjBqD,EAAKyH,QAALzH,CAAc1J,SAFGqG,CAGjByD,EAAQ5D,OAHSG,GAKjBqD,EAAKK,aALY1D,IAUN7D,KA/BwC,GAgCxCE,MAhCwC,OAAA,GAmC7CiD,YAnC6C,IAqC/C3E,GAAQ8I,EAAQyH,SAClBtL,EAASyD,EAAKrG,OAALqG,CAAazD,OAEpBuL,EAAQ,oBACO,IACb5E,GAAQ3G,WAEVA,MAAoBN,IAApBM,EACA,CAAC6D,EAAQ2H,wBAEDxO,GAASgD,IAAThD,CAA4B0C,IAA5B1C,aAPA,CAAA,sBAWS,IACbkF,GAAyB,OAAd/B,KAAwB,MAAxBA,CAAiC,MAC9CwG,EAAQ3G,WAEVA,MAAoBN,IAApBM,EACA,CAAC6D,EAAQ2H,wBAEDxO,EACNgD,IADMhD,CAEN0C,MACiB,OAAdS,KAAwBH,EAAO3C,KAA/B8C,CAAuCH,EAAO1C,MADjDoC,CAFM1C,cAlBA,WA4BRoG,QAAQ,WAAa,IACnBtH,GACmC,CAAC,CAAxC,kBAAgBtB,OAAhB,IAAwD,WAAxD,CAA4C,oBACrB+Q,QAH3B,KAMKnO,QAAQ4C,WFiCI,yCAAA,SAmBN,CAnBM,mBAyBI,cAzBJ,CAtFJ,cA2HC,OAEL,GAFK,WAAA,IGpJhB,WAA2C,OACXyD,EAAKrG,QAA3B4C,IAAAA,OAAQjG,IAAAA,UACVoG,EAAYsD,EAAKtD,SAALsD,CAAenC,KAAfmC,CAAqB,GAArBA,EAA0B,CAA1BA,EACZwF,IACA/B,EAAsD,CAAC,CAA1C,oBAAkB1M,OAAlB,IACbsB,EAAOoL,EAAa,OAAbA,CAAuB,SAC9BuE,EAASvE,EAAa,MAAbA,CAAsB,MAC/B9E,EAAc8E,EAAa,OAAbA,CAAuB,eAEvClH,MAAeiJ,EAAMlP,IAANkP,MACZ7L,QAAQ4C,UACXiJ,EAAMlP,IAANkP,EAA2BjJ,MAE3BA,KAAiBiJ,EAAMlP,IAANkP,MACd7L,QAAQ4C,UAAiBiJ,EAAMlP,IAANkP,KHsIlB,CA3HD,OA8IN,OAEE,GAFF,WAAA,IPlKT,aAA6C,UAEvC,CAACyC,EAAmBjI,EAAKyH,QAALzH,CAAcP,SAAjCwI,CAA4C,OAA5CA,CAAqD,cAArDA,cAIDC,GAAe9H,EAAQlL,WAGC,QAAxB,iBACa8K,EAAKyH,QAALzH,CAAczD,MAAdyD,CAAqBmI,aAArBnI,IAGX,qBAMA,CAACA,EAAKyH,QAALzH,CAAczD,MAAdyD,CAAqB/H,QAArB+H,mBACKJ,KACN,sEAMAlD,GAAYsD,EAAKtD,SAALsD,CAAenC,KAAfmC,CAAqB,GAArBA,EAA0B,CAA1BA,IACYA,EAAKrG,QAA3B4C,IAAAA,OAAQjG,IAAAA,UACVmN,EAAsD,CAAC,CAA1C,oBAAkB1M,OAAlB,IAEbqR,EAAM3E,EAAa,QAAbA,CAAwB,QAC9B4E,EAAkB5E,EAAa,KAAbA,CAAqB,OACvCpL,EAAOgQ,EAAgBC,WAAhBD,GACPE,EAAU9E,EAAa,MAAbA,CAAsB,MAChCuE,EAASvE,EAAa,QAAbA,CAAwB,QACjC+E,EAAmBlK,QAQrBhI,OAAuCiG,IA5CA,KA6CpC5C,QAAQ4C,WACXA,MAAgBjG,MAAhBiG,CA9CuC,EAiDvCjG,OAAqCiG,IAjDE,KAkDpC5C,QAAQ4C,WACXjG,OAAqCiG,IAnDE,IAqDtC5C,QAAQ4C,OAAS7B,EAAcsF,EAAKrG,OAALqG,CAAazD,MAA3B7B,CArDqB,IAwDrC+N,GAASnS,KAAkBA,KAAiB,CAAnCA,CAAuCkS,EAAmB,EAInEjT,EAAMQ,EAAyBiK,EAAKyH,QAALzH,CAAczD,MAAvCxG,EACN2S,EAAmBrP,WAAW9D,YAAAA,CAAX8D,EACnBsP,EAAmBtP,WAAW9D,oBAAAA,CAAX8D,EACrBuP,EACFH,EAASzI,EAAKrG,OAALqG,CAAazD,MAAbyD,GAATyI,cAGUlP,GAASA,EAASgD,MAAThD,GAATA,CAA8D,CAA9DA,IAEP2O,iBACAvO,QAAQkP,mBACHtP,aACG,SO0FN,SAQI,WARJ,CA9IM,MAoKP,OAEG,GAFH,WAAA,IH/KR,aAA4C,IAEtCkI,EAAkBzB,EAAKyH,QAALzH,CAAcP,SAAhCgC,CAA2C,OAA3CA,cAIAzB,EAAK8I,OAAL9I,EAAgBA,EAAKtD,SAALsD,GAAmBA,EAAKQ,8BAKtCvE,GAAaU,EACjBqD,EAAKyH,QAALzH,CAAczD,MADGI,CAEjBqD,EAAKyH,QAALzH,CAAc1J,SAFGqG,CAGjByD,EAAQ5D,OAHSG,CAIjByD,EAAQhE,iBAJSO,CAKjBqD,EAAKK,aALY1D,EAQfD,EAAYsD,EAAKtD,SAALsD,CAAenC,KAAfmC,CAAqB,GAArBA,EAA0B,CAA1BA,EACZ+I,EAAoBjK,KACpBlB,EAAYoC,EAAKtD,SAALsD,CAAenC,KAAfmC,CAAqB,GAArBA,EAA0B,CAA1BA,GAAgC,GAE5CgJ,YAEI5I,EAAQ6I,cACTzC,IAAU0C,OACD,gBAET1C,IAAU2C,YACDC,eAET5C,IAAU6C,mBACDD,wBAGAhJ,EAAQ6I,mBAGdtJ,QAAQ,aAAiB,IAC7BjD,OAAsBsM,EAAUtL,MAAVsL,GAAqB9E,EAAQ,aAI3ClE,EAAKtD,SAALsD,CAAenC,KAAfmC,CAAqB,GAArBA,EAA0B,CAA1BA,CALqB,GAMblB,IANa,IAQ3BP,GAAgByB,EAAKrG,OAALqG,CAAazD,OAC7B+M,EAAatJ,EAAKrG,OAALqG,CAAa1J,UAG1BkP,IACA+D,EACW,MAAd7M,MACC8I,EAAMjH,EAActF,KAApBuM,EAA6BA,EAAM8D,EAAWtQ,IAAjBwM,CAD9B9I,EAEc,OAAdA,MACC8I,EAAMjH,EAAcvF,IAApBwM,EAA4BA,EAAM8D,EAAWrQ,KAAjBuM,CAH7B9I,EAIc,KAAdA,MACC8I,EAAMjH,EAAcxF,MAApByM,EAA8BA,EAAM8D,EAAWxQ,GAAjB0M,CAL/B9I,EAMc,QAAdA,MACC8I,EAAMjH,EAAczF,GAApB0M,EAA2BA,EAAM8D,EAAWvQ,MAAjByM,EAEzBgE,EAAgBhE,EAAMjH,EAAcvF,IAApBwM,EAA4BA,EAAMvJ,EAAWjD,IAAjBwM,EAC5CiE,EAAiBjE,EAAMjH,EAActF,KAApBuM,EAA6BA,EAAMvJ,EAAWhD,KAAjBuM,EAC9CkE,EAAelE,EAAMjH,EAAczF,GAApB0M,EAA2BA,EAAMvJ,EAAWnD,GAAjB0M,EAC1CmE,EACJnE,EAAMjH,EAAcxF,MAApByM,EAA8BA,EAAMvJ,EAAWlD,MAAjByM,EAE1BoE,EACW,MAAdlN,SACc,OAAdA,OADAA,EAEc,KAAdA,OAFAA,EAGc,QAAdA,QAGG+G,EAAsD,CAAC,CAA1C,oBAAkB1M,OAAlB,IAGb8S,EACJ,CAAC,CAACzJ,EAAQ0J,cAAV,GACErG,GAA4B,OAAd7F,IAAd6F,KACCA,GAA4B,KAAd7F,IAAd6F,GADDA,EAEC,IAA6B,OAAd7F,IAAf,GAFD6F,EAGC,IAA6B,KAAd7F,IAAf,GAJH,EAOImM,EACJ,CAAC,CAAC3J,EAAQ4J,uBAAV,GACEvG,GAA4B,OAAd7F,IAAd6F,KACCA,GAA4B,KAAd7F,IAAd6F,GADDA,EAEC,IAA6B,OAAd7F,IAAf,GAFD6F,EAGC,IAA6B,KAAd7F,IAAf,GAJH,EAMIqM,EAAmBJ,KAtDQ,CAwD7BN,OAxD6B,MA0D1BT,UA1D0B,EA4D3BS,IA5D2B,MA6DjBP,EAAU9E,EAAQ,CAAlB8E,CA7DiB,QAiEjBkB,IAjEiB,IAoE1BxN,UAAYA,GAAakB,EAAY,KAAZA,CAA8B,EAA3ClB,CApEc,GAwE1B/C,QAAQ4C,aACRyD,EAAKrG,OAALqG,CAAazD,OACbkE,EACDT,EAAKyH,QAALzH,CAAczD,MADbkE,CAEDT,EAAKrG,OAALqG,CAAa1J,SAFZmK,CAGDT,EAAKtD,SAHJ+D,EA1E0B,GAiFxBE,EAAaX,EAAKyH,QAALzH,CAAcP,SAA3BkB,GAA4C,MAA5CA,CAjFwB,CAAnC,KGwIM,UAaM,MAbN,SAkBK,CAlBL,mBAyBe,UAzBf,kBAAA,2BAAA,CApKO,OAuNN,OAEE,GAFF,WAAA,II7OT,WAAoC,IAC5BjE,GAAYsD,EAAKtD,UACjB2I,EAAgB3I,EAAUmB,KAAVnB,CAAgB,GAAhBA,EAAqB,CAArBA,IACQsD,EAAKrG,QAA3B4C,IAAAA,OAAQjG,IAAAA,UACVkI,EAAuD,CAAC,CAA9C,oBAAkBzH,OAAlB,IAEVoT,EAA4D,CAAC,CAA5C,kBAAgBpT,OAAhB,aAEhByH,EAAU,MAAVA,CAAmB,OACxBlI,MACC6T,EAAiB5N,EAAOiC,EAAU,OAAVA,CAAoB,QAA3BjC,CAAjB4N,CAAwD,CADzD7T,IAGGoG,UAAYoC,OACZnF,QAAQ4C,OAAS7B,OJgOf,CAvNM,MA0OP,OAEG,GAFH,WAAA,IKhQR,WAAmC,IAC7B,CAACuN,EAAmBjI,EAAKyH,QAALzH,CAAcP,SAAjCwI,CAA4C,MAA5CA,CAAoD,iBAApDA,cAICpL,GAAUmD,EAAKrG,OAALqG,CAAa1J,UACvB8T,EAAQnL,EACZe,EAAKyH,QAALzH,CAAcP,SADFR,CAEZ,kBAA8B,iBAAlBpG,KAASmI,IAFT,CAAA/B,EAGZhD,cAGAY,EAAQ9D,MAAR8D,CAAiBuN,EAAMtR,GAAvB+D,EACAA,EAAQ7D,IAAR6D,CAAeuN,EAAMnR,KADrB4D,EAEAA,EAAQ/D,GAAR+D,CAAcuN,EAAMrR,MAFpB8D,EAGAA,EAAQ5D,KAAR4D,CAAgBuN,EAAMpR,KACtB,IAEIgH,OAAKqK,gBAIJA,OANL,GAOKlH,WAAW,uBAAyB,EAZ3C,KAaO,IAEDnD,OAAKqK,gBAIJA,OANA,GAOAlH,WAAW,mCLiOZ,CA1OO,cAkQC,OAEL,GAFK,WAAA,IJlRhB,aAAoD,IAC1CpF,GAASqC,EAATrC,EAAGE,EAAMmC,EAANnC,EACH1B,EAAWyD,EAAKrG,OAALqG,CAAXzD,OAGF+N,EAA8BrL,EAClCe,EAAKyH,QAALzH,CAAcP,SADoBR,CAElC,kBAA8B,YAAlBpG,KAASmI,IAFa,CAAA/B,EAGlCsL,gBACED,UAT8C,UAUxC1K,KACN,gIAX8C,IAiD9C5G,GAAMF,EAnCJyR,EACJD,WAEIlK,EAAQmK,eAFZD,GAIIzT,EAAeG,EAAgBgJ,EAAKyH,QAALzH,CAAczD,MAA9BvF,EACfwT,EAAmBzQ,KAGnBT,EAAS,UACHiD,EAAOmE,QADJ,EAIT/G,EAAU8Q,IAEY,CAA1BrV,QAAOsV,gBAAPtV,EAA+B,GAFjBqV,EAKVvR,EAAc,QAAN6E,KAAiB,KAAjBA,CAAyB,SACjC3E,EAAc,OAAN6E,KAAgB,MAAhBA,CAAyB,QAKjC0M,EAAmB/I,EAAyB,WAAzBA,OAYX,QAAV1I,IAG4B,MAA1BrC,KAAanB,SACT,CAACmB,EAAauD,YAAd,CAA6BT,EAAQZ,OAErC,CAACyR,EAAiB3Q,MAAlB,CAA2BF,EAAQZ,OAGrCY,EAAQb,MAEF,OAAVM,IAC4B,MAA1BvC,KAAanB,SACR,CAACmB,EAAasD,WAAd,CAA4BR,EAAQV,MAEpC,CAACuR,EAAiB5Q,KAAlB,CAA0BD,EAAQV,MAGpCU,EAAQX,KAEbuR,kDAEc,OACA,IACT5I,WAAa,gBACf,IAECiJ,GAAsB,QAAV1R,IAAqB,CAAC,CAAtBA,CAA0B,EACtC2R,EAAuB,OAAVzR,IAAoB,CAAC,CAArBA,CAAyB,OAC5BN,GAJX,MAKWE,GALX,GAME2I,WAAgBzI,MAAAA,MAInBiK,GAAa,eACFnD,EAAKtD,SADH,WAKdyG,mBAAiCnD,EAAKmD,cACtC7J,eAAyB0G,EAAK1G,UAC9BwR,kBAAmB9K,EAAKrG,OAALqG,CAAa6I,MAAU7I,EAAK8K,eIsLtC,mBAAA,GAkBT,QAlBS,GAwBT,OAxBS,CAlQD,YA4SD,OAEH,GAFG,WAAA,IM9Td,WAAyC,UAK7B9K,EAAKyH,QAALzH,CAAczD,OAAQyD,EAAK1G,UAIvB0G,EAAKyH,QAALzH,CAAczD,OAAQyD,EAAKmD,YAGrCnD,EAAKkI,YAALlI,EAAqBjD,OAAOC,IAAPD,CAAYiD,EAAK8K,WAAjB/N,EAA8BW,UAC3CsC,EAAKkI,aAAclI,EAAK8K,eNiTxB,QMjSd,mBAME,IAEMjM,GAAmBsB,QAA8CC,EAAQC,aAAtDF,EAKnBzD,EAAY4D,EAChBF,EAAQ1D,SADQ4D,OAKhBF,EAAQX,SAARW,CAAkBG,IAAlBH,CAAuBhE,iBALPkE,CAMhBF,EAAQX,SAARW,CAAkBG,IAAlBH,CAAuB5D,OANP8D,WASX8C,aAAa,qBAIF,CAAE1C,SAAUN,EAAQC,aAARD,CAAwB,OAAxBA,CAAkC,UAA9C,KNuQN,uBAAA,CA5SC,CDdA"} \ No newline at end of file diff --git a/src/FoxIDs.ControlShared/FoxIDs.ControlShared.csproj b/src/FoxIDs.ControlShared/FoxIDs.ControlShared.csproj index 6b38d69ad..f22fa471c 100644 --- a/src/FoxIDs.ControlShared/FoxIDs.ControlShared.csproj +++ b/src/FoxIDs.ControlShared/FoxIDs.ControlShared.csproj @@ -2,7 +2,7 @@ net7.0 - 1.0.14.5 + 1.0.15.3 FoxIDs Anders Revsgaard ITfoxtec diff --git a/src/FoxIDs.ControlShared/Models/Api/Parties/CreateUser.cs b/src/FoxIDs.ControlShared/Models/Api/Parties/CreateUser.cs new file mode 100644 index 000000000..89f77ced3 --- /dev/null +++ b/src/FoxIDs.ControlShared/Models/Api/Parties/CreateUser.cs @@ -0,0 +1,26 @@ +using FoxIDs.Infrastructure.DataAnnotations; +using System.Collections.Generic; +using System.ComponentModel.DataAnnotations; + +namespace FoxIDs.Models.Api +{ + public class CreateUser + { + [Display(Name = "User must confirm account")] + public bool ConfirmAccount { get; set; } + + [Display(Name = "Require multi-factor (2FA/MFA)")] + public bool RequireMultiFactor { get; set; } + + [Length(Constants.Models.DynamicElements.ElementsMin, Constants.Models.DynamicElements.ElementsMax)] + [Display(Name = "Dynamic elements shown in order")] + public List Elements { get; set; } + + /// + /// Create user claim transforms, run after user creation. + /// + [Length(Constants.Models.Claim.TransformsMin, Constants.Models.Claim.TransformsMax)] + [Display(Name = "Claim transforms executed in order")] + public List ClaimTransforms { get; set; } + } +} diff --git a/src/FoxIDs.ControlShared/Models/Api/Parties/DynamicElement.cs b/src/FoxIDs.ControlShared/Models/Api/Parties/DynamicElement.cs new file mode 100644 index 000000000..d0d17edbf --- /dev/null +++ b/src/FoxIDs.ControlShared/Models/Api/Parties/DynamicElement.cs @@ -0,0 +1,32 @@ +using Newtonsoft.Json; +using System; +using System.Collections.Generic; +using System.ComponentModel.DataAnnotations; + +namespace FoxIDs.Models.Api +{ + public class DynamicElement : IValidatableObject + { + [Required] + public DynamicElementTypes Type { get; set; } + + [Required] + [Range(Constants.Models.DynamicElements.ElementsOrderMin, Constants.Models.DynamicElements.ElementsOrderMax)] + public int Order { get; set; } + + [Display(Name = "Field is required")] + public bool Required { get; set; } + + public IEnumerable Validate(ValidationContext validationContext) + { + var results = new List(); + + if (!Required && (Type == DynamicElementTypes.EmailAndPassword)) + { + results.Add(new ValidationResult($"The field {nameof(Required)} must be true for dynamic element type '{Type}'.", new[] { nameof(Required) })); + } + + return results; + } + } +} diff --git a/src/FoxIDs.ControlShared/Models/Api/Parties/DynamicElementTypes.cs b/src/FoxIDs.ControlShared/Models/Api/Parties/DynamicElementTypes.cs new file mode 100644 index 000000000..f3f83b763 --- /dev/null +++ b/src/FoxIDs.ControlShared/Models/Api/Parties/DynamicElementTypes.cs @@ -0,0 +1,11 @@ +namespace FoxIDs.Models.Api +{ + public enum DynamicElementTypes + { + EmailAndPassword = 10, + + Name = 20, + GivenName = 21, + FamilyName = 22 + } +} diff --git a/src/FoxIDs.ControlShared/Models/Api/Parties/LoginUpParty.cs b/src/FoxIDs.ControlShared/Models/Api/Parties/LoginUpParty.cs index 952c32153..d45f10c3a 100644 --- a/src/FoxIDs.ControlShared/Models/Api/Parties/LoginUpParty.cs +++ b/src/FoxIDs.ControlShared/Models/Api/Parties/LoginUpParty.cs @@ -1,4 +1,5 @@ using FoxIDs.Infrastructure.DataAnnotations; +using Newtonsoft.Json; using System.Collections.Generic; using System.ComponentModel.DataAnnotations; @@ -127,5 +128,7 @@ public class LoginUpParty : INameValue, IClaimTransform [RegularExpression(Constants.Models.UpParty.HrdLogoUrlRegExPattern)] [Display(Name = "HRD logo URL")] public string HrdLogoUrl { get; set; } + + public CreateUser CreateUser { get; set; } } } diff --git a/src/FoxIDs.ControlShared/Models/Api/Parties/PartyTypes.cs b/src/FoxIDs.ControlShared/Models/Api/Parties/PartyTypes.cs index 54e99f80d..64c8de95c 100644 --- a/src/FoxIDs.ControlShared/Models/Api/Parties/PartyTypes.cs +++ b/src/FoxIDs.ControlShared/Models/Api/Parties/PartyTypes.cs @@ -5,6 +5,7 @@ public enum PartyTypes Login = 10, OAuth2 = 20, Oidc = 30, - Saml2 = 40 + Saml2 = 40, + TrackLink = 100 } } diff --git a/src/FoxIDs.ControlShared/Models/Api/Parties/TrackLinkDownParty.cs b/src/FoxIDs.ControlShared/Models/Api/Parties/TrackLinkDownParty.cs new file mode 100644 index 000000000..b8de85349 --- /dev/null +++ b/src/FoxIDs.ControlShared/Models/Api/Parties/TrackLinkDownParty.cs @@ -0,0 +1,41 @@ +using FoxIDs.Infrastructure.DataAnnotations; +using Newtonsoft.Json; +using System.Collections.Generic; +using System.ComponentModel.DataAnnotations; + +namespace FoxIDs.Models.Api +{ + public class TrackLinkDownParty : IDownParty, INameValue, IClaimTransform + { + [Required] + [MaxLength(Constants.Models.Party.NameLength)] + [RegularExpression(Constants.Models.Party.NameRegExPattern)] + public string Name { get; set; } + + [MaxLength(Constants.Models.Party.NoteLength)] + public string Note { get; set; } + + [Length(Constants.Models.DownParty.AllowUpPartyNamesMin, Constants.Models.DownParty.AllowUpPartyNamesMax, Constants.Models.Party.NameLength, Constants.Models.Party.NameRegExPattern)] + public List AllowUpPartyNames { get; set; } + + [Required] + [MaxLength(Constants.Models.Track.NameLength)] + [RegularExpression(Constants.Models.Track.NameDbRegExPattern)] + [JsonProperty(PropertyName = "to_up_track_name")] + public string ToUpTrackName { get; set; } + + [Required] + [MaxLength(Constants.Models.Party.NameLength)] + [RegularExpression(Constants.Models.Party.NameRegExPattern)] + [JsonProperty(PropertyName = "to_up_party_name")] + public string ToUpPartyName { get; set; } + + [ValidateComplexType] + [Length(Constants.Models.OAuthDownParty.Client.ClaimsMin, Constants.Models.OAuthDownParty.Client.ClaimsMax)] + public List Claims { get; set; } + + [Length(Constants.Models.Claim.TransformsMin, Constants.Models.Claim.TransformsMax)] + [JsonProperty(PropertyName = "claim_transforms")] + public List ClaimTransforms { get; set; } + } +} diff --git a/src/FoxIDs.ControlShared/Models/Api/Parties/TrackLinkUpParty.cs b/src/FoxIDs.ControlShared/Models/Api/Parties/TrackLinkUpParty.cs new file mode 100644 index 000000000..54ba221c7 --- /dev/null +++ b/src/FoxIDs.ControlShared/Models/Api/Parties/TrackLinkUpParty.cs @@ -0,0 +1,93 @@ +using FoxIDs.Infrastructure.DataAnnotations; +using Newtonsoft.Json; +using System.Collections.Generic; +using System.ComponentModel.DataAnnotations; + +namespace FoxIDs.Models.Api +{ + public class TrackLinkUpParty : INameValue, IClaimTransform + { + [Required] + [MaxLength(Constants.Models.Party.NameLength)] + [RegularExpression(Constants.Models.Party.NameRegExPattern)] + public string Name { get; set; } + + [MaxLength(Constants.Models.Party.NoteLength)] + public string Note { get; set; } + + [Required] + [MaxLength(Constants.Models.Track.NameLength)] + [RegularExpression(Constants.Models.Track.NameDbRegExPattern)] + [JsonProperty(PropertyName = "to_down_track_name")] + public string ToDownTrackName { get; set; } + + [Required] + [MaxLength(Constants.Models.Party.NameLength)] + [RegularExpression(Constants.Models.Party.NameRegExPattern)] + [JsonProperty(PropertyName = "to_down_party_name")] + public string ToDownPartyName { get; set; } + + [Length(Constants.Models.TrackLinkDownParty.SelectedUpPartiesMin, Constants.Models.TrackLinkDownParty.SelectedUpPartiesMax, Constants.Models.Party.NameLength, Constants.Models.TrackLinkDownParty.SelectedUpPartiesNameRegExPattern)] + [JsonProperty(PropertyName = "selected_up_parties")] + public List SelectedUpParties { get; set; } + + [Length(Constants.Models.OAuthUpParty.Client.ClaimsMin, Constants.Models.OAuthUpParty.Client.ClaimsMax, Constants.Models.Claim.JwtTypeLength, Constants.Models.Claim.JwtTypeWildcardRegExPattern)] + [JsonProperty(PropertyName = "claims")] + public List Claims { get; set; } + + [Length(Constants.Models.Claim.TransformsMin, Constants.Models.Claim.TransformsMax)] + [JsonProperty(PropertyName = "claim_transforms")] + public List ClaimTransforms { get; set; } + + /// + /// Default 10 hours. + /// + [Range(Constants.Models.UpParty.SessionLifetimeMin, Constants.Models.UpParty.SessionLifetimeMax)] + public int SessionLifetime { get; set; } = 36000; + + /// + /// Default 24 hours. + /// + [Range(Constants.Models.UpParty.SessionAbsoluteLifetimeMin, Constants.Models.UpParty.SessionAbsoluteLifetimeMax)] + public int SessionAbsoluteLifetime { get; set; } = 86400; + + /// + /// Default 0 minutes. + /// + [Range(Constants.Models.UpParty.PersistentAbsoluteSessionLifetimeMin, Constants.Models.UpParty.PersistentAbsoluteSessionLifetimeMax)] + public int PersistentSessionAbsoluteLifetime { get; set; } = 0; + + /// + /// Default false. + /// + public bool PersistentSessionLifetimeUnlimited { get; set; } = false; + + public bool DisableSingleLogout { get; set; } + + /// + /// Home realm discovery (HRD) domains. + /// + [Length(Constants.Models.UpParty.HrdDomainMin, Constants.Models.UpParty.HrdDomainMax, Constants.Models.UpParty.HrdDomainLength, Constants.Models.UpParty.HrdDomainRegExPattern)] + [Display(Name = "HRD domains")] + public List HrdDomains { get; set; } + + [Display(Name = "Show HRD button with domain")] + public bool HrdShowButtonWithDomain { get; set; } + + /// + /// Home realm discovery (HRD) display name. + /// + [MaxLength(Constants.Models.UpParty.HrdDisplayNameLength)] + [RegularExpression(Constants.Models.UpParty.HrdDisplayNameRegExPattern)] + [Display(Name = "HRD display name")] + public string HrdDisplayName { get; set; } + + /// + /// Home realm discovery (HRD) logo URL. + /// + [MaxLength(Constants.Models.UpParty.HrdLogoUrlLength)] + [RegularExpression(Constants.Models.UpParty.HrdLogoUrlRegExPattern)] + [Display(Name = "HRD logo URL")] + public string HrdLogoUrl { get; set; } + } +} diff --git a/src/FoxIDs.ControlShared/Models/Api/Tracks/CreateUserRequest.cs b/src/FoxIDs.ControlShared/Models/Api/Tracks/CreateUserRequest.cs index 73f492055..db08d2514 100644 --- a/src/FoxIDs.ControlShared/Models/Api/Tracks/CreateUserRequest.cs +++ b/src/FoxIDs.ControlShared/Models/Api/Tracks/CreateUserRequest.cs @@ -13,7 +13,7 @@ public class CreateUserRequest [Display(Name = "Email")] public string Email { get; set; } - [Display(Name = "Confirm account")] + [Display(Name = "User must confirm account")] public bool ConfirmAccount { get; set; } [Display(Name = "Email verified")] @@ -25,7 +25,7 @@ public class CreateUserRequest [Display(Name = "Password")] public string Password { get; set; } - [Display(Name = "Change password")] + [Display(Name = "User must change password")] public bool ChangePassword { get; set; } [Display(Name = "Disable account")] diff --git a/src/FoxIDs.ControlShared/Models/Api/Tracks/User.cs b/src/FoxIDs.ControlShared/Models/Api/Tracks/User.cs index 9920dd843..21952814a 100644 --- a/src/FoxIDs.ControlShared/Models/Api/Tracks/User.cs +++ b/src/FoxIDs.ControlShared/Models/Api/Tracks/User.cs @@ -13,13 +13,13 @@ public class User : IEmailValue [Display(Name = "Email")] public string Email { get; set; } - [Display(Name = "Confirm account")] + [Display(Name = "User must confirm account")] public bool ConfirmAccount { get; set; } [Display(Name = "Email verified")] public bool EmailVerified { get; set; } - [Display(Name = "Change password")] + [Display(Name = "User must change password")] public bool ChangePassword { get; set; } [Required] diff --git a/src/FoxIDs.ControlShared/Models/Api/Tracks/UserRequest.cs b/src/FoxIDs.ControlShared/Models/Api/Tracks/UserRequest.cs index 7e1ddb40e..6b4347c92 100644 --- a/src/FoxIDs.ControlShared/Models/Api/Tracks/UserRequest.cs +++ b/src/FoxIDs.ControlShared/Models/Api/Tracks/UserRequest.cs @@ -13,13 +13,13 @@ public class UserRequest [Display(Name = "Email")] public string Email { get; set; } - [Display(Name = "Confirm account")] + [Display(Name = "User must confirm account")] public bool ConfirmAccount { get; set; } [Display(Name = "Email verified")] public bool EmailVerified { get; set; } - [Display(Name = "Change password")] + [Display(Name = "User must change password")] public bool ChangePassword { get; set; } [Display(Name = "Disable account")] diff --git a/src/FoxIDs.Shared/Extensions/DataAnnotationExtensions.cs b/src/FoxIDs.Shared/Extensions/DataAnnotationExtensions.cs index 896c19e05..6e695f490 100644 --- a/src/FoxIDs.Shared/Extensions/DataAnnotationExtensions.cs +++ b/src/FoxIDs.Shared/Extensions/DataAnnotationExtensions.cs @@ -53,7 +53,7 @@ public static async Task ValidateObjectAsync(this object data) } } - public static Task<(bool, List)> ValidateObjectResultsAsync(this object data) + public static Task<(bool isValid, List results)> ValidateObjectResultsAsync(this object data) { var results = new List(); var isValid = TryValidateObjectRecursive(data, results); diff --git a/src/FoxIDs.Shared/Extensions/HttpContextExtensions.cs b/src/FoxIDs.Shared/Extensions/HttpContextExtensions.cs index 5abab394d..cce351f2c 100644 --- a/src/FoxIDs.Shared/Extensions/HttpContextExtensions.cs +++ b/src/FoxIDs.Shared/Extensions/HttpContextExtensions.cs @@ -3,7 +3,7 @@ using Microsoft.AspNetCore.Http; using Microsoft.Extensions.DependencyInjection; using System; -using UrlCombineLib; +using ITfoxtec.Identity.Util; namespace FoxIDs { @@ -31,16 +31,16 @@ public static string GetHost(this HttpContext context, bool addTrailingSlash = t return AddSlash($"{context.Request.Scheme}://{context.Request.Host.ToUriComponent()}/", addTrailingSlash); } - public static string GetHostWithTenantAndTrack(this HttpContext context) + public static string GetHostWithTenantAndTrack(this HttpContext context, string trackName = null) { var routeBinding = context.GetRouteBinding(); if (!routeBinding.HasCustomDomain) { - return UrlCombine.Combine(context.GetHost(), routeBinding.TenantName, routeBinding.TrackName); + return UrlCombine.Combine(context.GetHost(), routeBinding.TenantName, trackName ?? routeBinding.TrackName); } else { - return UrlCombine.Combine(context.GetHost(), routeBinding.TrackName); + return UrlCombine.Combine(context.GetHost(), trackName ?? routeBinding.TrackName); } } diff --git a/src/FoxIDs.Shared/FoxIDs.Shared.csproj b/src/FoxIDs.Shared/FoxIDs.Shared.csproj index fc1a2d9bf..ac64a9204 100644 --- a/src/FoxIDs.Shared/FoxIDs.Shared.csproj +++ b/src/FoxIDs.Shared/FoxIDs.Shared.csproj @@ -2,7 +2,7 @@ net7.0 - 1.0.14.5 + 1.0.15.3 FoxIDs Anders Revsgaard ITfoxtec @@ -32,13 +32,12 @@ - - - + + + - + - diff --git a/src/FoxIDs.Shared/Logic/Base/LogicBase.cs b/src/FoxIDs.Shared/Logic/Base/LogicBase.cs index 11c84c8d8..66635bed0 100644 --- a/src/FoxIDs.Shared/Logic/Base/LogicBase.cs +++ b/src/FoxIDs.Shared/Logic/Base/LogicBase.cs @@ -1,6 +1,5 @@ using FoxIDs.Models; using Microsoft.AspNetCore.Http; -using Microsoft.AspNetCore.Mvc; namespace FoxIDs.Logic { diff --git a/src/FoxIDs.Shared/Logic/Exceptions/Account/InvalidEmailException.cs b/src/FoxIDs.Shared/Logic/Exceptions/Account/InvalidEmailException.cs index 53c1c7ef6..e3c418a8f 100644 --- a/src/FoxIDs.Shared/Logic/Exceptions/Account/InvalidEmailException.cs +++ b/src/FoxIDs.Shared/Logic/Exceptions/Account/InvalidEmailException.cs @@ -10,5 +10,7 @@ public UserExistsException() { } public UserExistsException(string message) : base(message) { } public UserExistsException(string message, Exception innerException) : base(message, innerException) { } protected UserExistsException(SerializationInfo info, StreamingContext context) : base(info, context) { } + + public string Email { get; set; } } } \ No newline at end of file diff --git a/src/FoxIDs.Shared/Logic/MasterTenantLogic.cs b/src/FoxIDs.Shared/Logic/MasterTenantLogic.cs index 5a9ca0e2e..56d1817e8 100644 --- a/src/FoxIDs.Shared/Logic/MasterTenantLogic.cs +++ b/src/FoxIDs.Shared/Logic/MasterTenantLogic.cs @@ -6,7 +6,7 @@ using System.Linq; using System.Security.Claims; using System.Threading.Tasks; -using UrlCombineLib; +using ITfoxtec.Identity.Util; using static ITfoxtec.Identity.IdentityConstants; namespace FoxIDs.Logic diff --git a/src/FoxIDs.Shared/Logic/Parties/OidcDiscoveryReadLogic.cs b/src/FoxIDs.Shared/Logic/Parties/OidcDiscoveryReadLogic.cs index ab7b907c5..44f62c9b0 100644 --- a/src/FoxIDs.Shared/Logic/Parties/OidcDiscoveryReadLogic.cs +++ b/src/FoxIDs.Shared/Logic/Parties/OidcDiscoveryReadLogic.cs @@ -8,7 +8,7 @@ using System.Net; using System.Net.Http; using System.Threading.Tasks; -using UrlCombineLib; +using ITfoxtec.Identity.Util; namespace FoxIDs.Logic { diff --git a/src/FoxIDs.Shared/Logic/Tracks/BaseAccountLogic.cs b/src/FoxIDs.Shared/Logic/Tracks/BaseAccountLogic.cs index 5f456528c..8e1f915bc 100644 --- a/src/FoxIDs.Shared/Logic/Tracks/BaseAccountLogic.cs +++ b/src/FoxIDs.Shared/Logic/Tracks/BaseAccountLogic.cs @@ -48,7 +48,7 @@ public async Task CreateUser(string email, string password, bool changePas { if (await tenantRepository.ExistsAsync(await User.IdFormatAsync(userIdKey))) { - throw new UserExistsException($"User '{email}' already exists."); + throw new UserExistsException($"User '{email}' already exists.") { Email = email }; } await ValidatePasswordPolicy(email, password); } diff --git a/src/FoxIDs.Shared/Models/Master/Resources/EmbeddedResource.json b/src/FoxIDs.Shared/Models/Master/Resources/EmbeddedResource.json index 9f6e73507..22d54e332 100644 --- a/src/FoxIDs.Shared/Models/Master/Resources/EmbeddedResource.json +++ b/src/FoxIDs.Shared/Models/Master/Resources/EmbeddedResource.json @@ -162,7 +162,7 @@ "id": 40 }, { - "name": "A user with the email already exists.", + "name": "Select where to log in", "id": 41 }, { @@ -388,6 +388,10 @@ { "name": "Please try again in a little while.", "id": 97 + }, + { + "name": "Full name", + "id": 98 } ], "resources": [ @@ -903,11 +907,11 @@ "items": [ { "culture": "en", - "value": "A user with the email already exists." + "value": "Select where to log in" }, { "culture": "da", - "value": "Der eksisterer allerede en bruger med samme e-mail." + "value": "Vælg hvor du vil logge ind" } ] }, @@ -1630,6 +1634,19 @@ "value": "Prøv venligst igen om lidt." } ] + }, + { + "id": 98, + "items": [ + { + "culture": "en", + "value": "Full name" + }, + { + "culture": "da", + "value": "Fulde navn" + } + ] } ] } \ No newline at end of file diff --git a/src/FoxIDs.Shared/Models/Parties/CreateUser.cs b/src/FoxIDs.Shared/Models/Parties/CreateUser.cs new file mode 100644 index 000000000..dbfffacb6 --- /dev/null +++ b/src/FoxIDs.Shared/Models/Parties/CreateUser.cs @@ -0,0 +1,26 @@ +using FoxIDs.Infrastructure.DataAnnotations; +using Newtonsoft.Json; +using System.Collections.Generic; + +namespace FoxIDs.Models +{ + public class CreateUser + { + [JsonProperty(PropertyName = "confirm_account")] + public bool ConfirmAccount { get; set; } + + [JsonProperty(PropertyName = "require_multi_factor")] + public bool RequireMultiFactor { get; set; } + + [Length(Constants.Models.DynamicElements.ElementsMin, Constants.Models.DynamicElements.ElementsMax)] + [JsonProperty(PropertyName = "elements")] + public List Elements { get; set; } + + /// + /// Create user claim transforms, run after user creation. + /// + [Length(Constants.Models.Claim.TransformsMin, Constants.Models.Claim.TransformsMax)] + [JsonProperty(PropertyName = "claim_transforms")] + public List ClaimTransforms { get; set; } + } +} diff --git a/src/FoxIDs.Shared/Models/Parties/DynamicElement.cs b/src/FoxIDs.Shared/Models/Parties/DynamicElement.cs new file mode 100644 index 000000000..6e38a956e --- /dev/null +++ b/src/FoxIDs.Shared/Models/Parties/DynamicElement.cs @@ -0,0 +1,33 @@ +using Newtonsoft.Json; +using System; +using System.Collections.Generic; +using System.ComponentModel.DataAnnotations; + +namespace FoxIDs.Models +{ + public class DynamicElement : IValidatableObject + { + [Required] + public DynamicElementTypes Type { get; set; } + + [Required] + [Range(Constants.Models.DynamicElements.ElementsOrderMin, Constants.Models.DynamicElements.ElementsOrderMax)] + [JsonProperty(PropertyName = "order")] + public int Order { get; set; } + + [JsonProperty(PropertyName = "required")] + public bool Required { get; set; } + + public IEnumerable Validate(ValidationContext validationContext) + { + var results = new List(); + + if (!Required && (Type == DynamicElementTypes.EmailAndPassword)) + { + results.Add(new ValidationResult($"The field {nameof(Required)} must be true for dynamic element type '{Type}'.", new[] { nameof(Required) })); + } + + return results; + } + } +} diff --git a/src/FoxIDs.Shared/Models/Parties/DynamicElementTypes.cs b/src/FoxIDs.Shared/Models/Parties/DynamicElementTypes.cs new file mode 100644 index 000000000..d041f3b31 --- /dev/null +++ b/src/FoxIDs.Shared/Models/Parties/DynamicElementTypes.cs @@ -0,0 +1,17 @@ +using System.Runtime.Serialization; + +namespace FoxIDs.Models +{ + public enum DynamicElementTypes + { + [EnumMember(Value = "email_password")] + EmailAndPassword = 10, + + [EnumMember(Value = "name")] + Name = 20, + [EnumMember(Value = "given_name")] + GivenName = 21, + [EnumMember(Value = "family_name")] + FamilyName = 22 + } +} diff --git a/src/FoxIDs.Shared/Models/Parties/LoginUpParty.cs b/src/FoxIDs.Shared/Models/Parties/LoginUpParty.cs index 6cd8eaae2..2b3d6a39b 100644 --- a/src/FoxIDs.Shared/Models/Parties/LoginUpParty.cs +++ b/src/FoxIDs.Shared/Models/Parties/LoginUpParty.cs @@ -58,5 +58,8 @@ public LoginUpParty() [MaxLength(Constants.Models.LoginUpParty.CssStyleLength)] [JsonProperty(PropertyName = "css")] public string Css { get; set; } + + [JsonProperty(PropertyName = "create_user")] + public CreateUser CreateUser { get; set; } } } diff --git a/src/FoxIDs.Shared/Models/Parties/PartyTypes.cs b/src/FoxIDs.Shared/Models/Parties/PartyTypes.cs index b21b90fd6..a2d988bdc 100644 --- a/src/FoxIDs.Shared/Models/Parties/PartyTypes.cs +++ b/src/FoxIDs.Shared/Models/Parties/PartyTypes.cs @@ -11,6 +11,8 @@ public enum PartyTypes [EnumMember(Value = "oidc")] Oidc = 30, [EnumMember(Value = "saml2")] - Saml2 = 40 + Saml2 = 40, + [EnumMember(Value = "track_link")] + TrackLink = 100 } } diff --git a/src/FoxIDs.Shared/Models/Parties/TrackLinkDownParty.cs b/src/FoxIDs.Shared/Models/Parties/TrackLinkDownParty.cs new file mode 100644 index 000000000..545cbbfdc --- /dev/null +++ b/src/FoxIDs.Shared/Models/Parties/TrackLinkDownParty.cs @@ -0,0 +1,35 @@ +using FoxIDs.Infrastructure.DataAnnotations; +using Newtonsoft.Json; +using System.Collections.Generic; +using System.ComponentModel.DataAnnotations; + +namespace FoxIDs.Models +{ + public class TrackLinkDownParty : DownParty + { + public TrackLinkDownParty() + { + Type = PartyTypes.TrackLink; + } + + [Required] + [MaxLength(Constants.Models.Track.NameLength)] + [RegularExpression(Constants.Models.Track.NameDbRegExPattern)] + [JsonProperty(PropertyName = "to_up_track_name")] + public string ToUpTrackName { get; set; } + + [Required] + [MaxLength(Constants.Models.Party.NameLength)] + [RegularExpression(Constants.Models.Party.NameRegExPattern)] + [JsonProperty(PropertyName = "to_up_party_name")] + public string ToUpPartyName { get; set; } + + [Length(Constants.Models.Claim.TransformsMin, Constants.Models.Claim.TransformsMax)] + [JsonProperty(PropertyName = "claim_transforms")] + public List ClaimTransforms { get; set; } + + [Length(Constants.Models.OAuthDownParty.Client.ClaimsMin, Constants.Models.OAuthDownParty.Client.ClaimsMax)] + [JsonProperty(PropertyName = "claims")] + public List Claims { get; set; } + } +} diff --git a/src/FoxIDs.Shared/Models/Parties/TrackLinkUpParty.cs b/src/FoxIDs.Shared/Models/Parties/TrackLinkUpParty.cs new file mode 100644 index 000000000..d18ad2c8e --- /dev/null +++ b/src/FoxIDs.Shared/Models/Parties/TrackLinkUpParty.cs @@ -0,0 +1,39 @@ +using FoxIDs.Infrastructure.DataAnnotations; +using Newtonsoft.Json; +using System.Collections.Generic; +using System.ComponentModel.DataAnnotations; + +namespace FoxIDs.Models +{ + public class TrackLinkUpParty : UpParty + { + public TrackLinkUpParty() + { + Type = PartyTypes.TrackLink; + } + + [Required] + [MaxLength(Constants.Models.Track.NameLength)] + [RegularExpression(Constants.Models.Track.NameDbRegExPattern)] + [JsonProperty(PropertyName = "to_down_track_name")] + public string ToDownTrackName { get; set; } + + [Required] + [MaxLength(Constants.Models.Party.NameLength)] + [RegularExpression(Constants.Models.Party.NameRegExPattern)] + [JsonProperty(PropertyName = "to_down_party_name")] + public string ToDownPartyName { get; set; } + + [Length(Constants.Models.TrackLinkDownParty.SelectedUpPartiesMin, Constants.Models.TrackLinkDownParty.SelectedUpPartiesMax, Constants.Models.Party.NameLength, Constants.Models.TrackLinkDownParty.SelectedUpPartiesNameRegExPattern)] + [JsonProperty(PropertyName = "selected_up_parties")] + public List SelectedUpParties { get; set; } + + [Length(Constants.Models.OAuthUpParty.Client.ClaimsMin, Constants.Models.OAuthUpParty.Client.ClaimsMax, Constants.Models.Claim.JwtTypeLength, Constants.Models.Claim.JwtTypeWildcardRegExPattern)] + [JsonProperty(PropertyName = "claims")] + public List Claims { get; set; } + + [Length(Constants.Models.Claim.TransformsMin, Constants.Models.Claim.TransformsMax)] + [JsonProperty(PropertyName = "claim_transforms")] + public List ClaimTransforms { get; set; } + } +} diff --git a/src/FoxIDs.Shared/Repository/MasterRepository.cs b/src/FoxIDs.Shared/Repository/MasterRepository.cs index 0e3ec9549..6349f98c7 100644 --- a/src/FoxIDs.Shared/Repository/MasterRepository.cs +++ b/src/FoxIDs.Shared/Repository/MasterRepository.cs @@ -308,9 +308,17 @@ public async Task SaveBulkAsync(List items) where T : MasterDocument concurrentTasks.Add(bulkContainer.UpsertItemAsync(item, partitionKey) .ContinueWith(async (responseTask) => { - if (responseTask.Exception != null) + if (!responseTask.IsCompletedSuccessfully) { - logger.Error(responseTask.Exception); + var innerException = responseTask.Exception.Flatten()?.InnerExceptions?.FirstOrDefault(); + if (innerException != null) + { + throw new CosmosDataException(partitionId, innerException); + } + else + { + throw new CosmosDataException(partitionId); + } } totalRU += (await responseTask).RequestCharge; })); @@ -318,6 +326,10 @@ public async Task SaveBulkAsync(List items) where T : MasterDocument await Task.WhenAll(concurrentTasks); } + catch (CosmosDataException) + { + throw; + } catch (Exception ex) { throw new CosmosDataException(partitionId, ex); @@ -346,9 +358,17 @@ public async Task DeleteBulkAsync(List ids) where T : MasterDocument concurrentTasks.Add(bulkContainer.DeleteItemAsync(id, partitionKey) .ContinueWith(async (responseTask) => { - if (responseTask.Exception != null) + if (!responseTask.IsCompletedSuccessfully) { - logger.Error(responseTask.Exception); + var innerException = responseTask.Exception.Flatten()?.InnerExceptions?.FirstOrDefault(); + if (innerException != null) + { + throw new CosmosDataException(partitionId, innerException); + } + else + { + throw new CosmosDataException(partitionId); + } } totalRU += (await responseTask).RequestCharge; })); @@ -356,6 +376,10 @@ public async Task DeleteBulkAsync(List ids) where T : MasterDocument await Task.WhenAll(concurrentTasks); } + catch (CosmosDataException) + { + throw; + } catch (Exception ex) { throw new CosmosDataException(partitionId, ex); diff --git a/src/FoxIDs.SharedBase/Constants.cs b/src/FoxIDs.SharedBase/Constants.cs index 859e7d06c..6a7ebcd6d 100644 --- a/src/FoxIDs.SharedBase/Constants.cs +++ b/src/FoxIDs.SharedBase/Constants.cs @@ -40,12 +40,15 @@ public static class Routes public const string OAuthUpJumpController = "oauthupjump"; public const string SamlUpJumpController = "samlupjump"; + public const string TrackLinkController = "tracklink"; + public const string RouteControllerKey = "controller"; public const string RouteActionKey = "action"; public const string RouteBindingKey = "binding"; public const string RouteBindingCustomDomainHeader = "domainheader"; public const string SequenceStringKey = Sequence.String; + public const string KeySequenceKey = "ks"; public const string PreApikey = "!"; public const string MasterApiName = "@master"; @@ -257,6 +260,14 @@ public static class User public const int TwoFactorAppCodeLength = 50; } + public static class DynamicElements + { + public const int ElementsMin = 0; + public const int ElementsMax = 20; + public const int ElementsOrderMin = 0; + public const int ElementsOrderMax = 100; + } + public static class Claim { public const int JwtTypeLength = 80; @@ -360,6 +371,13 @@ public static class Client } } + public static class TrackLinkDownParty + { + public const int SelectedUpPartiesMin = 1; + public const int SelectedUpPartiesMax = 4; + public const string SelectedUpPartiesNameRegExPattern = @"^[\*\w\-]*$"; + } + public static class UpParty { public const int SessionLifetimeMin = 0; // 0 minutes @@ -552,6 +570,11 @@ public static class Endpoints public const string SamlIdPMetadata = "idpmetadata"; public const string SamlSPMetadata = "spmetadata"; + public const string TrackLinkAuthRequest = "authrequest"; + public const string TrackLinkAuthResponse = "authresponse"; + public const string TrackLinkRpLogoutRequest = "rplogoutrequest"; + public const string TrackLinkRpLogoutResponse = "rplogoutresponse"; + public static class UpJump { public const string AuthenticationRequest = "authenticationrequest"; @@ -559,7 +582,9 @@ public static class UpJump public const string AuthnRequest = "authnrequest"; public const string LogoutRequest = "logoutrequest"; - public const string SingleLogoutRequestJump = "singlelogoutrequestjump"; + public const string SingleLogoutRequestJump = "singlelogoutrequestjump"; + + public const string TrackLinkRpLogoutRequestJump = "rplogoutrequestjump"; } } diff --git a/src/FoxIDs.SharedBase/Extensions/HashExtensions.cs b/src/FoxIDs.SharedBase/Extensions/HashExtensions.cs index 79855e888..0a06a7a1f 100644 --- a/src/FoxIDs.SharedBase/Extensions/HashExtensions.cs +++ b/src/FoxIDs.SharedBase/Extensions/HashExtensions.cs @@ -8,7 +8,7 @@ public static class HashExtensions { public static string Sha1Hash(this string password) { - using (var sha1Provider = new SHA1CryptoServiceProvider()) + using (var sha1Provider = SHA1.Create()) { var hash = sha1Provider.ComputeHash(Encoding.UTF8.GetBytes(password)); return string.Concat(hash.Select(b => b.ToString("X2"))); diff --git a/src/FoxIDs.SharedBase/FoxIDs.SharedBase.csproj b/src/FoxIDs.SharedBase/FoxIDs.SharedBase.csproj index 447f51b17..3afa048c8 100644 --- a/src/FoxIDs.SharedBase/FoxIDs.SharedBase.csproj +++ b/src/FoxIDs.SharedBase/FoxIDs.SharedBase.csproj @@ -2,7 +2,7 @@ net7.0 - 1.0.14.5 + 1.0.15.3 FoxIDs Anders Revsgaard ITfoxtec @@ -10,10 +10,10 @@ - - + + - + diff --git a/src/FoxIDs/Controllers/LoginController.cs b/src/FoxIDs/Controllers/LoginController.cs index 715fbd661..00049ce9e 100644 --- a/src/FoxIDs/Controllers/LoginController.cs +++ b/src/FoxIDs/Controllers/LoginController.cs @@ -167,6 +167,8 @@ private async Task GoToUpParty(LoginUpSequenceData sequenceData, return await serviceProvider.GetService>().AuthenticationRequestRedirectAsync(selectedUpParty, GetLoginRequest(sequenceData), hrdLoginUpPartyName: sequenceData.UpPartyId.PartyIdToName()); case PartyTypes.Saml2: return await serviceProvider.GetService().AuthnRequestRedirectAsync(selectedUpParty, GetLoginRequest(sequenceData), hrdLoginUpPartyName: sequenceData.UpPartyId.PartyIdToName()); + case PartyTypes.TrackLink: + return await serviceProvider.GetService().AuthRequestAsync(selectedUpParty, GetLoginRequest(sequenceData), hrdLoginUpPartyName: sequenceData.UpPartyId.PartyIdToName()); default: throw new NotSupportedException($"Party type '{selectedUpParty.Type}' not supported."); } @@ -660,6 +662,7 @@ public async Task CreateUser() { throw new InvalidOperationException("Create user not enabled."); } + PopulateCreateUserDefault(loginUpParty); (var session, _) = await sessionLogic.GetAndUpdateSessionCheckUserAsync(loginUpParty, loginPageLogic.GetDownPartyLink(loginUpParty, sequenceData)); if (session != null) @@ -668,7 +671,14 @@ public async Task CreateUser() } logger.ScopeTrace(() => "Show create user dialog."); - return View(nameof(CreateUser), new CreateUserViewModel { SequenceString = SequenceString, Title = loginUpParty.Title, IconUrl = loginUpParty.IconUrl, Css = loginUpParty.Css }); + return View(nameof(CreateUser), new CreateUserViewModel + { + SequenceString = SequenceString, + Title = loginUpParty.Title, + IconUrl = loginUpParty.IconUrl, + Css = loginUpParty.Css, + Elements = ToElementsViewModel(loginUpParty.CreateUser.Elements).ToList() + }); } catch (Exception ex) @@ -691,7 +701,9 @@ public async Task CreateUser(CreateUserViewModel createUser) if (!loginUpParty.EnableCreateUser) { throw new InvalidOperationException("Create user not enabled."); - } + } + PopulateCreateUserDefault(loginUpParty); + createUser.Elements = ToElementsViewModel(loginUpParty.CreateUser.Elements, createUser.Elements).ToList(); Func viewError = () => { @@ -702,6 +714,8 @@ public async Task CreateUser(CreateUserViewModel createUser) return View(nameof(CreateUser), createUser); }; + ModelState.Clear(); + (var email, var password, var emailPasswordI) = await ValidateCreateUserViewModelElements(createUser.Elements); if (!ModelState.IsValid) { return viewError(); @@ -718,52 +732,60 @@ public async Task CreateUser(CreateUserViewModel createUser) try { var claims = new List(); - if (!createUser.GivenName.IsNullOrWhiteSpace()) + var nameDElament = createUser.Elements.Where(e => e is NameDElement).FirstOrDefault() as NameDElement; + if (!string.IsNullOrWhiteSpace(nameDElament?.DField1)) { - claims.AddClaim(JwtClaimTypes.GivenName, createUser.GivenName); + claims.AddClaim(JwtClaimTypes.Name, nameDElament.DField1); } - if (!createUser.FamilyName.IsNullOrWhiteSpace()) + var givenNameDElament = createUser.Elements.Where(e => e is GivenNameDElement).FirstOrDefault() as GivenNameDElement; + if (!string.IsNullOrWhiteSpace(givenNameDElament?.DField1)) { - claims.AddClaim(JwtClaimTypes.FamilyName, createUser.FamilyName); + claims.AddClaim(JwtClaimTypes.GivenName, givenNameDElament.DField1); } + var familyNameDElament = createUser.Elements.Where(e => e is FamilyNameDElement).FirstOrDefault() as FamilyNameDElement; + if (!string.IsNullOrWhiteSpace(familyNameDElament?.DField1)) + { + claims.AddClaim(JwtClaimTypes.FamilyName, familyNameDElament.DField1); + } + claims = await loginPageLogic.GetCreateUserTransformedClaimsAsync(loginUpParty, claims); - var user = await userAccountLogic.CreateUser(createUser.Email, createUser.Password, claims: claims); + var user = await userAccountLogic.CreateUser(email, password, claims: claims, confirmAccount: loginUpParty.CreateUser.ConfirmAccount, requireMultiFactor: loginUpParty.CreateUser.RequireMultiFactor); if (user != null) { - return await loginPageLogic.LoginResponseSequenceAsync(sequenceData, loginUpParty, user); + return await CreateUserStartLogin(sequenceData, loginUpParty, user.Email); } } catch (UserExistsException uex) { logger.ScopeTrace(() => uex.Message, triggerEvent: true); - ModelState.AddModelError(nameof(createUser.Email), localizer["A user with the email already exists."]); + return await CreateUserStartLogin(sequenceData, loginUpParty, uex.Email); } catch (PasswordLengthException plex) { logger.ScopeTrace(() => plex.Message); - ModelState.AddModelError(nameof(createUser.Password), RouteBinding.CheckPasswordComplexity ? + ModelState.AddModelError($"Elements[{emailPasswordI}].{nameof(DynamicElementBase.DField2)}", RouteBinding.CheckPasswordComplexity ? localizer["Please use {0} characters or more with a mix of letters, numbers and symbols.", RouteBinding.PasswordLength] : localizer["Please use {0} characters or more.", RouteBinding.PasswordLength]); } catch (PasswordComplexityException pcex) { logger.ScopeTrace(() => pcex.Message); - ModelState.AddModelError(nameof(createUser.Password), localizer["Please use a mix of letters, numbers and symbols"]); + ModelState.AddModelError($"Elements[{emailPasswordI}].{nameof(DynamicElementBase.DField2)}", localizer["Please use a mix of letters, numbers and symbols"]); } catch (PasswordEmailTextComplexityException pecex) { logger.ScopeTrace(() => pecex.Message); - ModelState.AddModelError(nameof(createUser.Password), localizer["Please do not use the email or parts of it."]); + ModelState.AddModelError($"Elements[{emailPasswordI}].{nameof(DynamicElementBase.DField2)}", localizer["Please do not use the email or parts of it."]); } catch (PasswordUrlTextComplexityException pucex) { logger.ScopeTrace(() => pucex.Message); - ModelState.AddModelError(nameof(createUser.Password), localizer["Please do not use parts of the URL."]); + ModelState.AddModelError($"Elements[{emailPasswordI}].{nameof(DynamicElementBase.DField2)}", localizer["Please do not use parts of the URL."]); } catch (PasswordRiskException prex) { logger.ScopeTrace(() => prex.Message); - ModelState.AddModelError(nameof(createUser.Password), localizer["The password has previously appeared in a data breach. Please choose a more secure alternative."]); + ModelState.AddModelError($"Elements[{emailPasswordI}].{nameof(DynamicElementBase.DField2)}", localizer["The password has previously appeared in a data breach. Please choose a more secure alternative."]); } return viewError(); @@ -774,6 +796,109 @@ public async Task CreateUser(CreateUserViewModel createUser) } } + private async Task<(string email, string password, int emailPasswordI)> ValidateCreateUserViewModelElements(List elements) + { + var email = string.Empty; + var password = string.Empty; + var emailPasswordI = 0; + var i = 0; + foreach (var element in elements) + { + var elementValidation = await element.ValidateObjectResultsAsync(); + if (!elementValidation.isValid) + { + foreach (var result in elementValidation.results) + { + ModelState.AddModelError($"Elements[{i}].{result.MemberNames.First()}", result.ErrorMessage); + } + } + if (element is EmailAndPasswordDElement) + { + emailPasswordI = i; + email = element.DField1; + password = element.DField2; + element.DField2 = null; + element.DField3 = null; + } + i++; + } + return (email, password, emailPasswordI); + } + + private async Task CreateUserStartLogin(LoginUpSequenceData sequenceData, LoginUpParty loginUpParty, string email) + { + sequenceData.Email = email; + sequenceData.DoLoginIdentifierStep = false; + await sequenceLogic.SaveSequenceDataAsync(sequenceData); + return HttpContext.GetUpPartyUrl(loginUpParty.Name, Constants.Routes.LoginController, includeSequence: true).ToRedirectResult(); + } + + private void PopulateCreateUserDefault(LoginUpParty loginUpParty) + { + if (loginUpParty.CreateUser == null || loginUpParty.CreateUser.Elements?.Any() != true) + { + loginUpParty.CreateUser = new CreateUser + { + ConfirmAccount = false, + RequireMultiFactor = false, + Elements = new List + { + new DynamicElement + { + Type = DynamicElementTypes.EmailAndPassword, + Order = 0, + Required = true + }, + new DynamicElement + { + Type = DynamicElementTypes.GivenName, + Order = 1, + Required = false + }, + new DynamicElement + { + Type = DynamicElementTypes.FamilyName, + Order = 2, + Required = false + } + } + }; + } + } + + private IEnumerable ToElementsViewModel(List elements, List valueElements = null) + { + bool hasEmailAndPasswordDElement = false; + var i = 0; + foreach(var element in elements) + { + var valueElement = valueElements?.Count() > i ? valueElements[i] : null; + switch (element.Type) + { + case DynamicElementTypes.EmailAndPassword: + hasEmailAndPasswordDElement = true; + yield return new EmailAndPasswordDElement { DField1 = valueElement?.DField1, DField2 = valueElement?.DField2, DField3 = valueElement?.DField3, Required = true }; + break; + case DynamicElementTypes.Name: + yield return new NameDElement { DField1 = valueElement?.DField1, Required = element.Required }; + break; + case DynamicElementTypes.GivenName: + yield return new GivenNameDElement { DField1 = valueElement?.DField1, Required = element.Required }; + break; + case DynamicElementTypes.FamilyName: + yield return new FamilyNameDElement { DField1 = valueElement?.DField1, Required = element.Required }; + break; + default: + throw new NotImplementedException(); + } + i++; + } + if(!hasEmailAndPasswordDElement) + { + throw new Exception("The EmailAndPasswordDElement is required."); + } + } + private async Task StartChangePassword(string email, LoginUpSequenceData sequenceData) { sequenceData.Email = email; diff --git a/src/FoxIDs/Controllers/OAuthController.cs b/src/FoxIDs/Controllers/OAuthController.cs index b1a0a3083..f27858cc5 100644 --- a/src/FoxIDs/Controllers/OAuthController.cs +++ b/src/FoxIDs/Controllers/OAuthController.cs @@ -217,8 +217,6 @@ public async Task FrontChannelLogoutDone() { throw new EndpointException($"Front Channel Logout Done failed for client id '{RouteBinding.DownParty.Name}'.", ex) { RouteBinding = RouteBinding }; } - } - - + } } } \ No newline at end of file diff --git a/src/FoxIDs/Controllers/TrackLinkController.cs b/src/FoxIDs/Controllers/TrackLinkController.cs new file mode 100644 index 000000000..21a0269de --- /dev/null +++ b/src/FoxIDs/Controllers/TrackLinkController.cs @@ -0,0 +1,146 @@ +using FoxIDs.Infrastructure; +using FoxIDs.Infrastructure.Filters; +using FoxIDs.Logic; +using FoxIDs.Models.Sequences; +using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.DependencyInjection; +using System; +using System.Threading.Tasks; + +namespace FoxIDs.Controllers +{ + public class TrackLinkController : EndpointController + { + private readonly TelemetryScopedLogger logger; + private readonly IServiceProvider serviceProvider; + + public TrackLinkController(TelemetryScopedLogger logger, IServiceProvider serviceProvider) : base(logger) + { + this.logger = logger; + this.serviceProvider = serviceProvider; + } + + public async Task AuthResponse() + { + try + { + logger.ScopeTrace(() => $"Track link auth response, Up party name '{RouteBinding.UpParty.Name}'"); + return await serviceProvider.GetService().AuthResponseAsync(RouteBinding.UpParty.Id); + } + catch (Exception ex) + { + throw new EndpointException($"Track link auth response failed, Name '{RouteBinding.UpParty.Name}'.", ex) { RouteBinding = RouteBinding }; + } + } + + [Sequence] + public async Task RpLogoutRequestJump() + { + try + { + logger.ScopeTrace(() => $"Track link RP initiated logout request, Up party name '{RouteBinding.UpParty.Name}'"); + return await serviceProvider.GetService().LogoutRequestAsync(RouteBinding.UpParty.Id); + } + catch (Exception ex) + { + throw new EndpointException($"Track link RP initiated logout request failed, Name '{RouteBinding.UpParty.Name}'.", ex) { RouteBinding = RouteBinding }; + } + } + + public async Task RpLogoutResponse() + { + try + { + logger.ScopeTrace(() => $"Track link RP initiated logout response, Up party name '{RouteBinding.UpParty.Name}'"); + return await serviceProvider.GetService().LogoutResponseAsync(RouteBinding.UpParty.Id); + } + catch (Exception ex) + { + throw new EndpointException($"Track link RP initiated logout response failed, Name '{RouteBinding.UpParty.Name}'.", ex) { RouteBinding = RouteBinding }; + } + } + + [Sequence(SequenceAction.Start)] + public async Task FrontChannelLogout() + { + try + { + logger.ScopeTrace(() => $"Track link front channel logout request, Up party name '{RouteBinding.UpParty.Name}'"); + return await serviceProvider.GetService().FrontChannelLogoutAsync(RouteBinding.UpParty.Id); + } + catch (Exception ex) + { + throw new EndpointException($"Track link front channel logout request failed, Name '{RouteBinding.UpParty.Name}'.", ex) { RouteBinding = RouteBinding }; + } + } + + //public async Task FrontChannelLogoutResponse() + //{ + // try + // { + // logger.ScopeTrace(() => $"Track link front channel logout response, Down party name '{RouteBinding.DownParty.Name}'"); + // return await serviceProvider.GetService().LogoutResponseAsync(RouteBinding.DownParty.Id); + // } + // catch (Exception ex) + // { + // throw new EndpointException($"Track link IdP initiated response logout failed, Name '{RouteBinding.DownParty.Name}'.", ex) { RouteBinding = RouteBinding }; + // } + //} + + [Sequence] + public async Task FrontChannelLogoutDone() + { + try + { + logger.ScopeTrace(() => $"Track link front channel logout Done, Down type '{RouteBinding.DownParty.Name}'"); + return await serviceProvider.GetService().LogoutDoneAsync(); + } + catch (Exception ex) + { + throw new EndpointException($"Track link front channel logout Done failed for client id '{RouteBinding.DownParty.Name}'.", ex) { RouteBinding = RouteBinding }; + } + } + + [Sequence] + public async Task SingleLogoutDone() + { + try + { + logger.ScopeTrace(() => $"Track link single Logout done, Up party name '{RouteBinding.UpParty.Name}'"); + return await serviceProvider.GetService().SingleLogoutDone(RouteBinding.UpParty.Id); + } + catch (Exception ex) + { + throw new EndpointException($"Track link single Logout done failed, Name '{RouteBinding.UpParty.Name}'.", ex) { RouteBinding = RouteBinding }; + } + } + + [Sequence(SequenceAction.Start)] + public async Task AuthRequest() + { + try + { + logger.ScopeTrace(() => $"Track link auth request, Down party name '{RouteBinding.DownParty.Name}'"); + return await serviceProvider.GetService().AuthRequestAsync(RouteBinding.DownParty.Id); + } + catch (Exception ex) + { + throw new EndpointException($"Track link auth request failed, Name '{RouteBinding.DownParty.Name}'.", ex) { RouteBinding = RouteBinding }; + } + } + + [Sequence(SequenceAction.Start)] + public async Task RpLogoutRequest() + { + try + { + logger.ScopeTrace(() => $"Track link RP initiated logout request, Down party name '{RouteBinding.DownParty.Name}'"); + return await serviceProvider.GetService().LogoutRequestAsync(RouteBinding.DownParty.Id); + } + catch (Exception ex) + { + throw new EndpointException($"Track link RP initiated logout request failed, Name '{RouteBinding.DownParty.Name}'.", ex) { RouteBinding = RouteBinding }; + } + } + } +} diff --git a/src/FoxIDs/Extensions/DynamicElementExtension.cs b/src/FoxIDs/Extensions/DynamicElementExtension.cs new file mode 100644 index 000000000..9f7493c66 --- /dev/null +++ b/src/FoxIDs/Extensions/DynamicElementExtension.cs @@ -0,0 +1,102 @@ +using Microsoft.AspNetCore.Html; +using Microsoft.AspNetCore.Mvc.Rendering; +using Microsoft.Extensions.Localization; +using Microsoft.Extensions.DependencyInjection; +using ITfoxtec.Identity; +using System.ComponentModel.DataAnnotations; +using Microsoft.AspNetCore.Mvc.ModelBinding; +using System.Linq; +using Microsoft.IdentityModel.Abstractions; + +namespace FoxIDs +{ + public static class DynamicElementExtension + { + public static IHtmlContent GetEmailControl(this IHtmlHelper html, string name, string value, int maxlength = 60, bool isRequired = false) + { + return html.GetControl("email", name, html.GetLocalizerValue("Email"), value, maxlength, validation: $"data-val-email=\"{html.GetErrorAttributeLocalizerMessage()}\"", autocomplete: "username", isRequired: isRequired); + } + + public static IHtmlContent GetPasswordControl(this IHtmlHelper html, string name, string value, int maxlength = 50, bool isRequired = false) + { + return html.GetControl("password", name, html.GetLocalizerValue("Password"), value, maxlength, autocomplete: "new-password", isRequired: isRequired); + } + + public static IHtmlContent GetConfirmPasswordControl(this IHtmlHelper html, string name, string value, string matchPasswordName, int maxlength = 50, bool isRequired = false) + { + var displayName = html.GetLocalizerValue("Confirm password"); + return html.GetControl("password", name, displayName, value, maxlength, validation: $"data-val-equalto=\"{html.GetLocalizerValue("'{0}' and 'Password' do not match.", displayName)}\" data-val-equalto-other=\"{matchPasswordName}\"", autocomplete: "new-password", isRequired: isRequired); + } + + public static IHtmlContent GetNameControl(this IHtmlHelper html, string name, string value, int maxlength = 150, bool isRequired = false) + { + return html.GetControl("text", name, html.GetLocalizerValue("Full name"), value, maxlength, autocomplete: "name", isRequired: isRequired); + } + + public static IHtmlContent GetGivenNameControl(this IHtmlHelper html, string name, string value, int maxlength = 80, bool isRequired = false) + { + return html.GetControl("text", name, html.GetLocalizerValue("Given name"), value, maxlength, autocomplete: "given-name", isRequired: isRequired); + } + + public static IHtmlContent GetFamilyNameControl(this IHtmlHelper html, string name, string value, int maxlength = 80, bool isRequired = false) + { + return html.GetControl("text", name, html.GetLocalizerValue("Family name"), value, maxlength, autocomplete: "family-name", isRequired: isRequired); + } + + private static IHtmlContent GetControl(this IHtmlHelper html, string type, string name, string displayName, string value, int maxlength, string validation = null, string autocomplete = null, bool isRequired = false) + { + (var hasError, var errorMessage) = GetError(html, name); + + var id = name.Replace('.', '_').Replace('[', '_').Replace(']', '_'); + var content = new HtmlContentBuilder(); + content.AppendHtml($"(displayName, maxlength)}\" data-val-maxlength-max=\"{maxlength}\"{(isRequired ? $" data-val-required=\"{html.GetErrorAttributeLocalizerMessage(displayName)}\"" : string.Empty)} id=\"{id}\" maxlength=\"{maxlength}\" name=\"{name}\" value=\"{value}\">"); + content.AppendHtml($""); + content.AppendHtml($"{errorMessage}"); + return content; + } + + private static (bool hasError, string errorMessage) GetError(IHtmlHelper html, string name) + { + if (!html.ViewData.ModelState.IsValid && html.ViewData.ModelState[name]?.ValidationState == ModelValidationState.Invalid) + { + var error = html.ViewData.ModelState[name].Errors.FirstOrDefault(); + if (error != null && !error.ErrorMessage.IsNullOrEmpty()) + { + return (true, error.ErrorMessage); + } + } + + return (false, string.Empty); + } + + private static string GetLocalizerValue(this IHtmlHelper html, string name) + { + return html.ViewContext.HttpContext.RequestServices.GetService()[name]; + } + private static string GetLocalizerValue(this IHtmlHelper html, string name, params object[] arguments) + { + return html.ViewContext.HttpContext.RequestServices.GetService()[name, arguments]; + } + private static string GetErrorAttributeLocalizerMessage(this IHtmlHelper html) where T : ValidationAttribute, new() + { + return html.ViewContext.HttpContext.RequestServices.GetService()[GetErrorAttributeMessage()]; + } + private static string GetErrorAttributeLocalizerMessage(this IHtmlHelper html, params object[] arguments) where T : ValidationAttribute, new() + { + return html.ViewContext.HttpContext.RequestServices.GetService()[GetErrorAttributeMessage(), arguments]; + } + + private static string GetErrorAttributeMessage() where T : ValidationAttribute, new() + { + var attribute = new T(); + if(attribute is MaxLengthAttribute) + { + return attribute.FormatErrorMessage("{0}").Replace("-1", "{1}"); + } + else + { + return attribute.FormatErrorMessage("{0}"); + } + } + } +} diff --git a/src/FoxIDs/Extensions/RouteBindingExtensions.cs b/src/FoxIDs/Extensions/RouteBindingExtensions.cs index e4b10b003..7f80719c2 100644 --- a/src/FoxIDs/Extensions/RouteBindingExtensions.cs +++ b/src/FoxIDs/Extensions/RouteBindingExtensions.cs @@ -1,9 +1,10 @@ using FoxIDs.Models; using ITfoxtec.Identity; using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.WebUtilities; using System; using System.Collections.Generic; -using UrlCombineLib; +using ITfoxtec.Identity.Util; namespace FoxIDs { @@ -52,7 +53,7 @@ public static string GetDownPartyUrl(this HttpContext httpContext, string downPa } return UrlCombine.Combine(httpContext.GetHostWithTenantAndTrack(), elements.ToArray()); } - + public static string ToDownPartyBinding(this string downPartyName, string upPartyName, PartyBindingPatterns partyBindingPattern) { return partyBindingPattern switch @@ -62,6 +63,33 @@ public static string ToDownPartyBinding(this string downPartyName, string upPart PartyBindingPatterns.Dot => $"{downPartyName}.{upPartyName}.", _ => throw new NotImplementedException($"Party binding pattern '{partyBindingPattern}' not implemented.") }; + } + + public static string GetTrackUpPartyUrl(this HttpContext httpContext, string trackName, string upPartyName, string controller, string action = null, bool includeKeySequence = false) + { + var elements = new List { upPartyName.ToUpPartyBinding(PartyBindingPatterns.Brackets), controller, action }; + var url = UrlCombine.Combine(httpContext.GetHostWithTenantAndTrack(trackName), elements.ToArray()); + if (includeKeySequence) + { + url = QueryHelpers.AddQueryString(url, new Dictionary { { Constants.Routes.KeySequenceKey, httpContext.GetSequenceString() } }); + } + return url; + } + + public static string GetTrackDownPartyUrl(this HttpContext httpContext, string trackName, string downPartyName, List upPartyNames, string controller, string action, bool includeKeySequence = false) + { + if (upPartyNames?.Count > Constants.Models.TrackLinkDownParty.SelectedUpPartiesMax) + { + throw new ArgumentException($"More then {Constants.Models.TrackLinkDownParty.SelectedUpPartiesMax} to up-party names.", nameof(upPartyNames)); + } + + var elements = new List { $"{downPartyName}({string.Join(',', upPartyNames)})", controller, action }; + var url = UrlCombine.Combine(httpContext.GetHostWithTenantAndTrack(trackName), elements.ToArray()); + if (includeKeySequence) + { + url = QueryHelpers.AddQueryString(url, new Dictionary { { Constants.Routes.KeySequenceKey, httpContext.GetSequenceString() } }); + } + return url; } } } diff --git a/src/FoxIDs/FoxIDs.csproj b/src/FoxIDs/FoxIDs.csproj index 43cb7d20c..d72523c6a 100644 --- a/src/FoxIDs/FoxIDs.csproj +++ b/src/FoxIDs/FoxIDs.csproj @@ -1,7 +1,7 @@  net7.0 - 1.0.14.5 + 1.0.15.3 FoxIDs Anders Revsgaard ITfoxtec @@ -28,20 +28,19 @@ - - + + - + - - - + + + - - + diff --git a/src/FoxIDs/Infrastructure/Filters/SequenceAttribute.cs b/src/FoxIDs/Infrastructure/Filters/SequenceAttribute.cs index ae102b0b3..407f96102 100644 --- a/src/FoxIDs/Infrastructure/Filters/SequenceAttribute.cs +++ b/src/FoxIDs/Infrastructure/Filters/SequenceAttribute.cs @@ -43,7 +43,7 @@ public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionE else if (!context.HttpContext.Items.ContainsKey(Constants.Sequence.Start) && !context.HttpContext.Items.ContainsKey(Constants.Sequence.Valid)) { var sequenceString = context.HttpContext.GetRouteSequenceString(); - await sequenceLogic.ValidateSequenceAsync(sequenceString, true); + await sequenceLogic.ValidateAndSetSequenceAsync(sequenceString, true); } await next(); diff --git a/src/FoxIDs/Infrastructure/Hosting/FoxIDsRouteBindingMiddleware.cs b/src/FoxIDs/Infrastructure/Hosting/FoxIDsRouteBindingMiddleware.cs index bbadd83e6..bab34c1d1 100644 --- a/src/FoxIDs/Infrastructure/Hosting/FoxIDsRouteBindingMiddleware.cs +++ b/src/FoxIDs/Infrastructure/Hosting/FoxIDsRouteBindingMiddleware.cs @@ -174,7 +174,7 @@ protected override async ValueTask PostRouteDataAsync(TelemetrySco { routeBinding.DownParty = await GetDownPartyAsync(trackIdKey, partyNameBindingMatch.Groups["downparty"], acceptUnknownParty); - if (routeBinding.DownParty?.AllowUpParties?.Count() >= 1) + if (routeBinding.DownParty?.AllowUpParties?.Count() >= Constants.Models.TrackLinkDownParty.SelectedUpPartiesMin) { //TODO can be deleted when data is updated everywhere, delete after summer 2023 var allowUpParties = routeBinding.DownParty.AllowUpParties.OrderBy(p => p.Type).ThenBy(p => p.Name); @@ -260,9 +260,9 @@ private async Task GetDownPartyAsync(Track.IdKey trackIdKey, Group do private List GetAllowedToUpPartyIds(TelemetryScopedLogger scopedLogger, Group toUpPartyGroup, string downPartyId, IEnumerable allowUpParties) { - if (toUpPartyGroup.Captures.Count > 4) + if (toUpPartyGroup.Captures.Count > Constants.Models.TrackLinkDownParty.SelectedUpPartiesMax) { - throw new ArgumentException($"More then 4 to up-party for down-party '{downPartyId}'."); + throw new ArgumentException($"More then {Constants.Models.TrackLinkDownParty.SelectedUpPartiesMax} to up-party for down-party '{downPartyId}'."); } var toUpParties = new List(); diff --git a/src/FoxIDs/Infrastructure/Hosting/FoxIDsRouteTransformer.cs b/src/FoxIDs/Infrastructure/Hosting/FoxIDsRouteTransformer.cs index b7b336528..d4bb427ca 100644 --- a/src/FoxIDs/Infrastructure/Hosting/FoxIDsRouteTransformer.cs +++ b/src/FoxIDs/Infrastructure/Hosting/FoxIDsRouteTransformer.cs @@ -5,7 +5,7 @@ using System; using System.Linq; using System.Threading.Tasks; -using UrlCombineLib; +using ITfoxtec.Identity.Util; using Microsoft.Extensions.DependencyInjection; using Microsoft.AspNetCore.Localization; using FoxIDs.Models.Sequences; diff --git a/src/FoxIDs/Infrastructure/Hosting/ServiceCollectionExtensions.cs b/src/FoxIDs/Infrastructure/Hosting/ServiceCollectionExtensions.cs index bca7c56b4..7595a959a 100644 --- a/src/FoxIDs/Infrastructure/Hosting/ServiceCollectionExtensions.cs +++ b/src/FoxIDs/Infrastructure/Hosting/ServiceCollectionExtensions.cs @@ -6,7 +6,6 @@ using FoxIDs.Models; using FoxIDs.Models.Config; using FoxIDs.Repository; -using ITfoxtec.Identity.Discovery; using Microsoft.AspNetCore.Cors.Infrastructure; using Microsoft.AspNetCore.DataProtection; using Microsoft.AspNetCore.Hosting; @@ -43,7 +42,7 @@ public static IServiceCollection AddLogic(this IServiceCollection services) services.AddTransient(); services.AddTransient(); services.AddTransient(); - services.AddTransient(); + services.AddTransient(); services.AddTransient(); services.AddTransient>(); @@ -72,8 +71,11 @@ public static IServiceCollection AddLogic(this IServiceCollection services) services.AddTransient>(); services.AddTransient>(); - services.AddTransient>(); - services.AddTransient>(); + services.AddTransient(); + services.AddTransient(); + services.AddTransient>(); + services.AddTransient>(); + services.AddTransient(); services.AddTransient(); services.AddTransient(); @@ -84,6 +86,13 @@ public static IServiceCollection AddLogic(this IServiceCollection services) services.AddTransient(); services.AddTransient(); + services.AddTransient(); + services.AddTransient(); + services.AddTransient(); + services.AddTransient(); + services.AddTransient(); + services.AddTransient(); + return services; } diff --git a/src/FoxIDs/Logic/Link/TrackLinkAuthDownLogic.cs b/src/FoxIDs/Logic/Link/TrackLinkAuthDownLogic.cs new file mode 100644 index 000000000..207024b6a --- /dev/null +++ b/src/FoxIDs/Logic/Link/TrackLinkAuthDownLogic.cs @@ -0,0 +1,127 @@ +using FoxIDs.Infrastructure; +using FoxIDs.Models; +using FoxIDs.Models.Logic; +using FoxIDs.Models.Sequences; +using FoxIDs.Models.Session; +using FoxIDs.Repository; +using ITfoxtec.Identity; +using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.DependencyInjection; +using Microsoft.Identity.Client; +using System; +using System.Collections.Generic; +using System.Linq; +using System.Security.Claims; +using System.Threading.Tasks; + +namespace FoxIDs.Logic +{ + public class TrackLinkAuthDownLogic : LogicSequenceBase + { + private readonly TelemetryScopedLogger logger; + private readonly IServiceProvider serviceProvider; + private readonly ITenantRepository tenantRepository; + private readonly SequenceLogic sequenceLogic; + private readonly ClaimTransformLogic claimTransformLogic; + private readonly ClaimsDownLogic claimsDownLogic; + + public TrackLinkAuthDownLogic(TelemetryScopedLogger logger, IServiceProvider serviceProvider, ITenantRepository tenantRepository, SequenceLogic sequenceLogic, ClaimTransformLogic claimTransformLogic, ClaimsDownLogic claimsDownLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) + { + this.logger = logger; + this.serviceProvider = serviceProvider; + this.tenantRepository = tenantRepository; + this.sequenceLogic = sequenceLogic; + this.claimTransformLogic = claimTransformLogic; + this.claimsDownLogic = claimsDownLogic; + } + + public async Task AuthRequestAsync(string partyId) + { + logger.ScopeTrace(() => "Down, Track link auth request."); + logger.SetScopeProperty(Constants.Logs.DownPartyId, partyId); + var party = await tenantRepository.GetAsync(partyId); + + var keySequenceString = HttpContext.Request.Query[Constants.Routes.KeySequenceKey]; + var keySequence = await sequenceLogic.ValidateSequenceAsync(keySequenceString, trackName: party.ToUpTrackName); + var keySequenceData = await sequenceLogic.ValidateKeySequenceDataAsync(keySequence, party.ToUpTrackName, remove: false); + if (party.ToUpPartyName != keySequenceData.KeyName) + { + throw new Exception($"Incorrect up-party name '{keySequenceData.KeyName}', expected up-party name '{party.ToUpPartyName}'."); + } + + await sequenceLogic.SaveSequenceDataAsync(new TrackLinkDownSequenceData { KeyName = party.Name, UpPartySequenceString = keySequenceString }); + + var toUpParties = RouteBinding.ToUpParties; + if (toUpParties.Count() == 1) + { + var toUpParty = toUpParties.First(); + logger.ScopeTrace(() => $"Request, Up type '{toUpParty:Type}'."); + switch (toUpParty.Type) + { + case PartyTypes.Login: + return await serviceProvider.GetService().LoginRedirectAsync(toUpParty, GetLoginRequest(party, keySequenceData)); + case PartyTypes.OAuth2: + throw new NotImplementedException(); + case PartyTypes.Oidc: + return await serviceProvider.GetService>().AuthenticationRequestRedirectAsync(toUpParty, GetLoginRequest(party, keySequenceData)); + case PartyTypes.Saml2: + return await serviceProvider.GetService().AuthnRequestRedirectAsync(toUpParty, GetLoginRequest(party, keySequenceData)); + case PartyTypes.TrackLink: + return await serviceProvider.GetService().AuthRequestAsync(toUpParty, GetLoginRequest(party, keySequenceData)); + + default: + throw new NotSupportedException($"Party type '{toUpParty.Type}' not supported."); + } + } + else + { + return await serviceProvider.GetService().LoginRedirectAsync(GetLoginRequest(party, keySequenceData)); + } + } + + private LoginRequest GetLoginRequest(TrackLinkDownParty party, TrackLinkUpSequenceData keySequenceData) + { + return new LoginRequest + { + DownPartyLink = new DownPartySessionLink { SupportSingleLogout = true, Id = party.Id, Type = party.Type }, + LoginAction = keySequenceData.LoginAction, + UserId = keySequenceData.UserId, + MaxAge = keySequenceData.MaxAge, + EmailHint = keySequenceData.LoginEmailHint, + Acr = keySequenceData.Acr + }; + } + + public async Task AuthResponseAsync(string partyId, List claims, string error = null, string errorDescription = null) + { + logger.ScopeTrace(() => "Down, Track link auth response."); + logger.SetScopeProperty(Constants.Logs.DownPartyId, partyId); + var party = await tenantRepository.GetAsync(partyId); + + var sequenceData = await sequenceLogic.GetSequenceDataAsync(remove: false); + + if (error.IsNullOrEmpty()) + { + logger.ScopeTrace(() => $"Down, Track link received JWT claims '{claims.ToFormattedString()}'", traceType: TraceTypes.Claim); + claims = await claimTransformLogic.Transform(party.ClaimTransforms?.ConvertAll(t => (ClaimTransform)t), claims); + logger.ScopeTrace(() => $"Down, Track link output / Up, Track link received - JWT claims '{claims.ToFormattedString()}'", traceType: TraceTypes.Claim); + + claims = await claimsDownLogic.FilterJwtClaimsAsync(claimsDownLogic.GetFilterClaimTypes(party.Claims), claims); + + var clientClaims = claimsDownLogic.GetClientJwtClaims(party.Claims); + if (clientClaims?.Count() > 0) + { + claims.AddRange(clientClaims); + } + } + + sequenceData.Claims = claims?.ToClaimAndValues(); + sequenceData.Error = error; + sequenceData.ErrorDescription = errorDescription; + await sequenceLogic.SaveSequenceDataAsync(sequenceData, setKeyValidUntil: true); + + return HttpContext.GetTrackUpPartyUrl(party.ToUpTrackName, party.ToUpPartyName, Constants.Routes.TrackLinkController, Constants.Endpoints.TrackLinkAuthResponse, includeKeySequence: true).ToRedirectResult(); + } + } +} diff --git a/src/FoxIDs/Logic/Link/TrackLinkAuthUpLogic.cs b/src/FoxIDs/Logic/Link/TrackLinkAuthUpLogic.cs new file mode 100644 index 000000000..05688e353 --- /dev/null +++ b/src/FoxIDs/Logic/Link/TrackLinkAuthUpLogic.cs @@ -0,0 +1,135 @@ +using FoxIDs.Infrastructure; +using FoxIDs.Logic.Tracks; +using FoxIDs.Models; +using FoxIDs.Models.Logic; +using FoxIDs.Models.Sequences; +using FoxIDs.Repository; +using ITfoxtec.Identity; +using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.DependencyInjection; +using Newtonsoft.Json.Linq; +using System; +using System.Collections.Generic; +using System.Linq; +using System.Security.Claims; +using System.Threading.Tasks; + +namespace FoxIDs.Logic +{ + public class TrackLinkAuthUpLogic : LogicSequenceBase + { + private readonly TelemetryScopedLogger logger; + private readonly IServiceProvider serviceProvider; + private readonly ITenantRepository tenantRepository; + private readonly SequenceLogic sequenceLogic; + private readonly HrdLogic hrdLogic; + private readonly SessionUpPartyLogic sessionUpPartyLogic; + private readonly ClaimTransformLogic claimTransformLogic; + private readonly ClaimValidationLogic claimValidationLogic; + + public TrackLinkAuthUpLogic(TelemetryScopedLogger logger, IServiceProvider serviceProvider, ITenantRepository tenantRepository, SequenceLogic sequenceLogic, HrdLogic hrdLogic, SessionUpPartyLogic sessionUpPartyLogic, ClaimTransformLogic claimTransformLogic, ClaimValidationLogic claimValidationLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) + { + this.logger = logger; + this.serviceProvider = serviceProvider; + this.tenantRepository = tenantRepository; + this.sequenceLogic = sequenceLogic; + this.hrdLogic = hrdLogic; + this.sessionUpPartyLogic = sessionUpPartyLogic; + this.claimTransformLogic = claimTransformLogic; + this.claimValidationLogic = claimValidationLogic; + } + + public async Task AuthRequestAsync(UpPartyLink partyLink, LoginRequest loginRequest, string hrdLoginUpPartyName = null) + { + logger.ScopeTrace(() => "Up, Track link auth request."); + var partyId = await UpParty.IdFormatAsync(RouteBinding, partyLink.Name); + logger.SetScopeProperty(Constants.Logs.UpPartyId, partyId); + + await loginRequest.ValidateObjectAsync(); + + var party = await tenantRepository.GetAsync(partyId); + + await sequenceLogic.SaveSequenceDataAsync(new TrackLinkUpSequenceData + { + KeyName = partyLink.Name, + DownPartyLink = loginRequest.DownPartyLink, + HrdLoginUpPartyName = hrdLoginUpPartyName, + UpPartyId = partyId, + LoginAction = loginRequest.LoginAction, + UserId = loginRequest.UserId, + MaxAge = loginRequest.MaxAge, + LoginEmailHint = loginRequest.EmailHint, + Acr = loginRequest.Acr, + }, setKeyValidUntil: true); + + return HttpContext.GetTrackDownPartyUrl(party.ToDownTrackName, party.ToDownPartyName, party.SelectedUpParties, Constants.Routes.TrackLinkController, Constants.Endpoints.TrackLinkAuthRequest, includeKeySequence: true).ToRedirectResult(); + } + + public async Task AuthResponseAsync(string partyId) + { + logger.ScopeTrace(() => "Down, Track link auth response."); + logger.SetScopeProperty(Constants.Logs.DownPartyId, partyId); + var party = await tenantRepository.GetAsync(partyId); + + var keySequenceString = HttpContext.Request.Query[Constants.Routes.KeySequenceKey]; + var keySequence = await sequenceLogic.ValidateSequenceAsync(keySequenceString, trackName: party.ToDownTrackName); + var keySequenceData = await sequenceLogic.ValidateKeySequenceDataAsync(keySequence, party.ToDownTrackName); + if (party.ToDownPartyName != keySequenceData.KeyName) + { + throw new Exception($"Incorrect down-party name '{keySequenceData.KeyName}', expected down-party name '{party.ToDownPartyName}'."); + } + + await sequenceLogic.ValidateAndSetSequenceAsync(keySequenceData.UpPartySequenceString); + var sequenceData = await sequenceLogic.GetSequenceDataAsync(); + + List claims = keySequenceData.Claims?.ToClaimList(); + if (keySequenceData.Error.IsNullOrEmpty()) + { + var externalSessionId = claims.FindFirstOrDefaultValue(c => c.Type == JwtClaimTypes.SessionId); + externalSessionId.ValidateMaxLength(IdentityConstants.MessageLength.SessionIdMax, nameof(externalSessionId), "Session state or claim"); + claims = claims.Where(c => c.Type != JwtClaimTypes.SessionId && c.Type != Constants.JwtClaimTypes.UpParty && c.Type != Constants.JwtClaimTypes.UpPartyType).ToList(); + claims.AddClaim(Constants.JwtClaimTypes.UpParty, party.Name); + claims.AddClaim(Constants.JwtClaimTypes.UpPartyType, party.Type.ToString().ToLower()); + + var transformedClaims = await claimTransformLogic.Transform(party.ClaimTransforms?.ConvertAll(t => (ClaimTransform)t), claims); + claims = claimValidationLogic.ValidateUpPartyClaims(party.Claims, transformedClaims); + logger.ScopeTrace(() => $"Up, Track link output JWT claims '{claims.ToFormattedString()}'", traceType: TraceTypes.Claim); + + var sessionId = await sessionUpPartyLogic.CreateOrUpdateSessionAsync(party, party.DisableSingleLogout ? null : sequenceData.DownPartyLink, claims, externalSessionId); + if (!sessionId.IsNullOrEmpty()) + { + claims.AddClaim(JwtClaimTypes.SessionId, sessionId); + } + + if (!sequenceData.HrdLoginUpPartyName.IsNullOrEmpty()) + { + await hrdLogic.SaveHrdSelectionAsync(sequenceData.HrdLoginUpPartyName, sequenceData.UpPartyId.PartyIdToName(), PartyTypes.TrackLink); + } + } + + switch (sequenceData.DownPartyLink.Type) + { + case PartyTypes.OAuth2: + throw new NotImplementedException(); + case PartyTypes.Oidc: + if (keySequenceData.Error.IsNullOrEmpty()) + { + return await serviceProvider.GetService>().AuthenticationResponseAsync(sequenceData.DownPartyLink.Id, claims); + } + else + { + return await serviceProvider.GetService>().AuthenticationResponseErrorAsync(sequenceData.DownPartyLink.Id, keySequenceData.Error, keySequenceData.ErrorDescription); + } + case PartyTypes.Saml2: + var claimsLogic = serviceProvider.GetService>(); + return await serviceProvider.GetService().AuthnResponseAsync(sequenceData.DownPartyLink.Id, SamlConvertLogic.ErrorToSamlStatus(keySequenceData.Error), claims != null ? await claimsLogic.FromJwtToSamlClaimsAsync(claims) : null); + case PartyTypes.TrackLink: + return await serviceProvider.GetService().AuthResponseAsync(sequenceData.DownPartyLink.Id, claims, keySequenceData.Error, keySequenceData.ErrorDescription); + + default: + throw new NotSupportedException(); + } + } + } +} diff --git a/src/FoxIDs/Logic/Link/TrackLinkFrontChannelLogoutDownLogic.cs b/src/FoxIDs/Logic/Link/TrackLinkFrontChannelLogoutDownLogic.cs new file mode 100644 index 000000000..92b260dc8 --- /dev/null +++ b/src/FoxIDs/Logic/Link/TrackLinkFrontChannelLogoutDownLogic.cs @@ -0,0 +1,81 @@ +using FoxIDs.Infrastructure; +using FoxIDs.Models; +using FoxIDs.Models.Sequences; +using FoxIDs.Repository; +using ITfoxtec.Identity; +using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.Mvc; +using System; +using System.Collections.Generic; +using System.Linq; +using System.Threading.Tasks; + +namespace FoxIDs.Logic +{ + public class TrackLinkFrontChannelLogoutDownLogic : LogicSequenceBase + { + private readonly TelemetryScopedLogger logger; + private readonly ITenantRepository tenantRepository; + private readonly SecurityHeaderLogic securityHeaderLogic; + private readonly SequenceLogic sequenceLogic; + private readonly SingleLogoutDownLogic singleLogoutDownLogic; + + public TrackLinkFrontChannelLogoutDownLogic(TelemetryScopedLogger logger, ITenantRepository tenantRepository, SecurityHeaderLogic securityHeaderLogic, SequenceLogic sequenceLogic, SingleLogoutDownLogic singleLogoutDownLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) + { + this.logger = logger; + this.tenantRepository = tenantRepository; + this.securityHeaderLogic = securityHeaderLogic; + this.sequenceLogic = sequenceLogic; + this.singleLogoutDownLogic = singleLogoutDownLogic; + } + + public async Task LogoutRequestAsync(IEnumerable partyIds, SingleLogoutSequenceData sequenceData, bool hostedInIframe, bool doSamlLogoutInIframe) + { + logger.ScopeTrace(() => "Down, Track link front channel logout request."); + + TrackLinkDownParty firstParty = null; + var partyNames = new List(); + var partyLogoutUrls = new List(); + foreach (var partyId in partyIds) + { + var party = await tenantRepository.GetAsync(partyId); + firstParty = party; + + partyNames.Add(party.Name); + var frontChannelLogoutUri = HttpContext.GetTrackUpPartyUrl(party.ToUpTrackName, party.ToUpPartyName, Constants.Routes.TrackLinkController, Constants.Endpoints.FrontChannelLogout, includeKeySequence: true); + partyLogoutUrls.Add(frontChannelLogoutUri); + } + + if (partyLogoutUrls.Count() <= 0 || partyNames.Count() <= 0 || firstParty == null) + { + throw new InvalidOperationException("Unable to complete front channel logout. Please close the browser to logout."); + } + + await sequenceLogic.SaveSequenceDataAsync(new TrackLinkDownSequenceData { KeyNames = partyNames, Claims = sequenceData.Claims }, setKeyValidUntil: true); + + if (doSamlLogoutInIframe) + { + securityHeaderLogic.AddFrameSrcAllowAll(); + // Start SAML logout + partyLogoutUrls.Add(GetFrontChannelLogoutDoneUrl(sequenceData, firstParty)); + } + else + { + securityHeaderLogic.AddFrameSrcUrls(partyLogoutUrls); + } + string redirectUrl = hostedInIframe ? null : GetFrontChannelLogoutDoneUrl(sequenceData, firstParty); + return partyLogoutUrls.ToHtmIframePage(redirectUrl, "FoxIDs").ToContentResult(); + } + + private string GetFrontChannelLogoutDoneUrl(SingleLogoutSequenceData sequenceData, TrackLinkDownParty firstParty) + { + return HttpContext.GetDownPartyUrl(firstParty.Name, sequenceData.UpPartyName, Constants.Routes.TrackLinkController, Constants.Endpoints.FrontChannelLogoutDone, includeSequence: true, firstParty.PartyBindingPattern); + } + + public Task LogoutDoneAsync() + { + logger.ScopeTrace(() => "Down, Track link front channel logout done."); + return singleLogoutDownLogic.HandleSingleLogoutAsync(); + } + } +} diff --git a/src/FoxIDs/Logic/Link/TrackLinkFrontChannelLogoutUpLogic.cs b/src/FoxIDs/Logic/Link/TrackLinkFrontChannelLogoutUpLogic.cs new file mode 100644 index 000000000..f6e043a35 --- /dev/null +++ b/src/FoxIDs/Logic/Link/TrackLinkFrontChannelLogoutUpLogic.cs @@ -0,0 +1,71 @@ +using FoxIDs.Infrastructure; +using FoxIDs.Logic.Tracks; +using FoxIDs.Models; +using FoxIDs.Models.Sequences; +using FoxIDs.Repository; +using ITfoxtec.Identity; +using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.Mvc; +using System; +using System.Collections.Generic; +using System.Linq; +using System.Threading.Tasks; + +namespace FoxIDs.Logic +{ + public class TrackLinkFrontChannelLogoutUpLogic : LogicSequenceBase + { + private readonly TelemetryScopedLogger logger; + private readonly ITenantRepository tenantRepository; + private readonly SequenceLogic sequenceLogic; + private readonly SessionUpPartyLogic sessionUpPartyLogic; + private readonly HrdLogic hrdLogic; + private readonly SingleLogoutDownLogic singleLogoutDownLogic; + + public TrackLinkFrontChannelLogoutUpLogic(TelemetryScopedLogger logger, ITenantRepository tenantRepository, SequenceLogic sequenceLogic, SessionUpPartyLogic sessionUpPartyLogic, HrdLogic hrdLogic, SingleLogoutDownLogic singleLogoutDownLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) + { + this.logger = logger; + this.tenantRepository = tenantRepository; + this.sequenceLogic = sequenceLogic; + this.sessionUpPartyLogic = sessionUpPartyLogic; + this.hrdLogic = hrdLogic; + this.singleLogoutDownLogic = singleLogoutDownLogic; + } + + public async Task FrontChannelLogoutAsync(string partyId) + { + logger.ScopeTrace(() => "Up, Track link front channel logout."); + logger.SetScopeProperty(Constants.Logs.UpPartyId, partyId); + var party = await tenantRepository.GetAsync(partyId); + + var keySequenceString = HttpContext.Request.Query[Constants.Routes.KeySequenceKey]; + var keySequence = await sequenceLogic.ValidateSequenceAsync(keySequenceString, trackName: party.ToDownTrackName); + var keySequenceData = await sequenceLogic.ValidateKeySequenceDataAsync(keySequence, party.ToDownTrackName, remove: false); + if (!keySequenceData.KeyNames.Where(k => k == party.ToDownPartyName).Any()) + { + throw new Exception($"Incorrect down-party key names, expected down-party name '{party.ToDownPartyName}'."); + } + + await hrdLogic.DeleteHrdSelectionBySelectedUpPartyAsync(party.Name); + var session = await sessionUpPartyLogic.DeleteSessionAsync(party); + logger.ScopeTrace(() => "Up, Successful track link front channel logout request.", triggerEvent: true); + if (session != null) + { + var _ = await sessionUpPartyLogic.DeleteSessionAsync(party, session); + + if (!party.DisableSingleLogout) + { + var frontChannelLogoutUri = HttpContext.GetTrackUpPartyUrl(RouteBinding.TrackName, party.Name, Constants.Routes.TrackLinkController, Constants.Endpoints.FrontChannelLogout); + var allowIframeOnDomains = new List { frontChannelLogoutUri.UrlToDomain() }; + (var doSingleLogout, var singleLogoutSequenceData) = await singleLogoutDownLogic.InitializeSingleLogoutAsync(new UpPartyLink { Name = party.Name, Type = party.Type }, null, session.DownPartyLinks, session.Claims, allowIframeOnDomains, hostedInIframe: true); + if (doSingleLogout) + { + return await singleLogoutDownLogic.StartSingleLogoutAsync(singleLogoutSequenceData); + } + } + } + + return new OkResult(); + } + } +} diff --git a/src/FoxIDs/Logic/Link/TrackLinkRpInitiatedLogoutDownLogic.cs b/src/FoxIDs/Logic/Link/TrackLinkRpInitiatedLogoutDownLogic.cs new file mode 100644 index 000000000..18858770a --- /dev/null +++ b/src/FoxIDs/Logic/Link/TrackLinkRpInitiatedLogoutDownLogic.cs @@ -0,0 +1,94 @@ +using FoxIDs.Infrastructure; +using FoxIDs.Logic.Tracks; +using FoxIDs.Models; +using FoxIDs.Models.Logic; +using FoxIDs.Models.Sequences; +using FoxIDs.Models.Session; +using FoxIDs.Repository; +using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.DependencyInjection; +using System; +using System.Threading.Tasks; + +namespace FoxIDs.Logic +{ + public class TrackLinkRpInitiatedLogoutDownLogic : LogicSequenceBase + { + private readonly TelemetryScopedLogger logger; + private readonly IServiceProvider serviceProvider; + private readonly ITenantRepository tenantRepository; + private readonly SequenceLogic sequenceLogic; + private readonly HrdLogic hrdLogic; + + public TrackLinkRpInitiatedLogoutDownLogic(TelemetryScopedLogger logger, IServiceProvider serviceProvider, ITenantRepository tenantRepository, SequenceLogic sequenceLogic, HrdLogic hrdLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) + { + this.logger = logger; + this.serviceProvider = serviceProvider; + this.tenantRepository = tenantRepository; + this.sequenceLogic = sequenceLogic; + this.hrdLogic = hrdLogic; + } + + public async Task LogoutRequestAsync(string partyId) + { + logger.ScopeTrace(() => "Down, Track link RP initiated logout request."); + logger.SetScopeProperty(Constants.Logs.DownPartyId, partyId); + var party = await tenantRepository.GetAsync(partyId); + + var keySequenceString = HttpContext.Request.Query[Constants.Routes.KeySequenceKey]; + var keySequence = await sequenceLogic.ValidateSequenceAsync(keySequenceString, trackName: party.ToUpTrackName); + var keySequenceData = await sequenceLogic.ValidateKeySequenceDataAsync(keySequence, party.ToUpTrackName, remove: false); + if (party.ToUpPartyName != keySequenceData.KeyName) + { + throw new Exception($"Incorrect up-party name '{keySequenceData.KeyName}', expected up-party name '{party.ToUpPartyName}'."); + } + + await sequenceLogic.SaveSequenceDataAsync(new TrackLinkDownSequenceData { KeyName = party.Name, UpPartySequenceString = keySequenceString }); + + var toUpParty = await hrdLogic.GetUpPartyAndDeleteHrdSelectionAsync(); + logger.ScopeTrace(() => $"Request, Up type '{toUpParty.Type}'."); + switch (toUpParty.Type) + { + case PartyTypes.Login: + return await serviceProvider.GetService().LogoutRedirect(toUpParty, GetLogoutRequest(party, keySequenceData.SessionId, keySequenceData.RequireLogoutConsent)); + case PartyTypes.OAuth2: + throw new NotImplementedException(); + case PartyTypes.Oidc: + return await serviceProvider.GetService>().EndSessionRequestRedirectAsync(toUpParty, GetLogoutRequest(party, keySequenceData.SessionId, keySequenceData.RequireLogoutConsent)); + case PartyTypes.Saml2: + return await serviceProvider.GetService().LogoutRequestRedirectAsync(toUpParty, GetLogoutRequest(party, keySequenceData.SessionId, keySequenceData.RequireLogoutConsent)); + case PartyTypes.TrackLink: + return await serviceProvider.GetService().LogoutRequestRedirectAsync(toUpParty, GetLogoutRequest(party, keySequenceData.SessionId, keySequenceData.RequireLogoutConsent)); + + default: + throw new NotSupportedException($"Party type '{toUpParty.Type}' not supported."); + } + } + + private LogoutRequest GetLogoutRequest(TrackLinkDownParty party, string sessionId, bool requireLogoutConsent) + { + var logoutRequest = new LogoutRequest + { + DownPartyLink = new DownPartySessionLink { SupportSingleLogout = true, Id = party.Id, Type = party.Type }, + SessionId = sessionId, + RequireLogoutConsent = requireLogoutConsent, + PostLogoutRedirect = true + }; + + return logoutRequest; + } + + public async Task LogoutResponseAsync(string partyId) + { + logger.ScopeTrace(() => "Down, Track link RP initiated logout response."); + logger.SetScopeProperty(Constants.Logs.DownPartyId, partyId); + var party = await tenantRepository.GetAsync(partyId); + + var sequenceData = await sequenceLogic.GetSequenceDataAsync(remove: false); + await sequenceLogic.SaveSequenceDataAsync(sequenceData, setKeyValidUntil: true); + + return HttpContext.GetTrackUpPartyUrl(party.ToUpTrackName, party.ToUpPartyName, Constants.Routes.TrackLinkController, Constants.Endpoints.TrackLinkRpLogoutResponse, includeKeySequence: true).ToRedirectResult(); + } + } +} diff --git a/src/FoxIDs/Logic/Link/TrackLinkRpInitiatedLogoutUpLogic.cs b/src/FoxIDs/Logic/Link/TrackLinkRpInitiatedLogoutUpLogic.cs new file mode 100644 index 000000000..87b008d32 --- /dev/null +++ b/src/FoxIDs/Logic/Link/TrackLinkRpInitiatedLogoutUpLogic.cs @@ -0,0 +1,156 @@ +using FoxIDs.Infrastructure; +using FoxIDs.Models; +using FoxIDs.Models.Logic; +using FoxIDs.Models.Sequences; +using FoxIDs.Repository; +using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.DependencyInjection; +using System; +using System.Threading.Tasks; + +namespace FoxIDs.Logic +{ + public class TrackLinkRpInitiatedLogoutUpLogic : LogicSequenceBase + { + private readonly TelemetryScopedLogger logger; + private readonly IServiceProvider serviceProvider; + private readonly ITenantRepository tenantRepository; + private readonly SequenceLogic sequenceLogic; + private readonly SessionUpPartyLogic sessionUpPartyLogic; + private readonly SingleLogoutDownLogic singleLogoutDownLogic; + + public TrackLinkRpInitiatedLogoutUpLogic(TelemetryScopedLogger logger, IServiceProvider serviceProvider, ITenantRepository tenantRepository, SequenceLogic sequenceLogic, SessionUpPartyLogic sessionUpPartyLogic, SingleLogoutDownLogic singleLogoutDownLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) + { + this.logger = logger; + this.serviceProvider = serviceProvider; + this.tenantRepository = tenantRepository; + this.sequenceLogic = sequenceLogic; + this.sessionUpPartyLogic = sessionUpPartyLogic; + this.singleLogoutDownLogic = singleLogoutDownLogic; + } + + public async Task LogoutRequestRedirectAsync(UpPartyLink partyLink, LogoutRequest logoutRequest) + { + logger.ScopeTrace(() => "Up, Track link RP initiated logout request redirect."); + var partyId = await UpParty.IdFormatAsync(RouteBinding, partyLink.Name); + logger.SetScopeProperty(Constants.Logs.UpPartyId, partyId); + + await logoutRequest.ValidateObjectAsync(); + + var party = await tenantRepository.GetAsync(partyId); + + await sequenceLogic.SaveSequenceDataAsync(new TrackLinkUpSequenceData + { + KeyName = partyLink.Name, + DownPartyLink = logoutRequest.DownPartyLink, + UpPartyId = partyId, + SessionId = logoutRequest.SessionId, + RequireLogoutConsent = logoutRequest.RequireLogoutConsent + }); + + return HttpContext.GetUpPartyUrl(partyLink.Name, Constants.Routes.TrackLinkController, Constants.Endpoints.UpJump.TrackLinkRpLogoutRequestJump, includeSequence: true, partyBindingPattern: party.PartyBindingPattern).ToRedirectResult(); + } + + public async Task LogoutRequestAsync(string partyId) + { + logger.ScopeTrace(() => "Up, Track link RP initiated logout request."); + var oidcUpSequenceData = await sequenceLogic.GetSequenceDataAsync(remove: false); + if (!oidcUpSequenceData.UpPartyId.Equals(partyId, StringComparison.Ordinal)) + { + throw new Exception("Invalid up-party id."); + } + logger.SetScopeProperty(Constants.Logs.UpPartyId, oidcUpSequenceData.UpPartyId); + + var party = await tenantRepository.GetAsync(oidcUpSequenceData.UpPartyId); + + var session = await sessionUpPartyLogic.GetSessionAsync(party); + if (session == null) + { + return await SingleLogoutDone(party.Id); + } + else + { + _ = await sessionUpPartyLogic.DeleteSessionAsync(party, session); + oidcUpSequenceData.SessionId = session.ExternalSessionId; + } + + await sequenceLogic.SaveSequenceDataAsync(oidcUpSequenceData, setKeyValidUntil: true); + + return HttpContext.GetTrackDownPartyUrl(party.ToDownTrackName, party.ToDownPartyName, party.SelectedUpParties, Constants.Routes.TrackLinkController, Constants.Endpoints.TrackLinkRpLogoutRequest, includeKeySequence: true).ToRedirectResult(); + } + + public async Task SingleLogoutDone(string partyId) + { + var sequenceData = await sequenceLogic.GetSequenceDataAsync(remove: true); + if (!sequenceData.UpPartyId.Equals(partyId, StringComparison.Ordinal)) + { + throw new Exception("Invalid up-party id."); + } + return await LogoutResponseDownAsync(sequenceData); + } + + public async Task LogoutResponseAsync(string partyId) + { + logger.ScopeTrace(() => "Down, Track link RP initiated logout response."); + logger.SetScopeProperty(Constants.Logs.DownPartyId, partyId); + var party = await tenantRepository.GetAsync(partyId); + + var keySequenceString = HttpContext.Request.Query[Constants.Routes.KeySequenceKey]; + var keySequence = await sequenceLogic.ValidateSequenceAsync(keySequenceString, trackName: party.ToDownTrackName); + var keySequenceData = await sequenceLogic.ValidateKeySequenceDataAsync(keySequence, party.ToDownTrackName); + if (party.ToDownPartyName != keySequenceData.KeyName) + { + throw new Exception($"Incorrect down-party name '{keySequenceData.KeyName}', expected down-party name '{party.ToDownPartyName}'."); + } + + await sequenceLogic.ValidateAndSetSequenceAsync(keySequenceData.UpPartySequenceString); + var sequenceData = await sequenceLogic.GetSequenceDataAsync(remove: party.DisableSingleLogout); + + + if (party.DisableSingleLogout) + { + return await LogoutResponseDownAsync(sequenceData); + } + else + { + (var doSingleLogout, var singleLogoutSequenceData) = await singleLogoutDownLogic.InitializeSingleLogoutAsync(new UpPartyLink { Name = party.Name, Type = party.Type }, sequenceData.DownPartyLink, sequenceData.SessionDownPartyLinks, sequenceData.SessionClaims); + if (doSingleLogout) + { + return await singleLogoutDownLogic.StartSingleLogoutAsync(singleLogoutSequenceData); + } + else + { + await sequenceLogic.RemoveSequenceDataAsync(); + return await LogoutResponseDownAsync(sequenceData); + } + } + } + + public async Task LogoutResponseDownAsync(TrackLinkUpSequenceData sequenceData) + { + try + { + logger.ScopeTrace(() => $"Response, Down type {sequenceData.DownPartyLink.Type}."); + switch (sequenceData.DownPartyLink.Type) + { + case PartyTypes.OAuth2: + throw new NotImplementedException(); + case PartyTypes.Oidc: + return await serviceProvider.GetService>().EndSessionResponseAsync(sequenceData.DownPartyLink.Id); + case PartyTypes.Saml2: + return await serviceProvider.GetService().LogoutResponseAsync(sequenceData.DownPartyLink.Id, sessionIndex: sequenceData.SessionId); + case PartyTypes.TrackLink: + return await serviceProvider.GetService().LogoutResponseAsync(sequenceData.DownPartyLink.Id); + + default: + throw new NotSupportedException(); + } + } + catch (Exception ex) + { + throw new StopSequenceException("Falling logout response down", ex); + } + } + } +} diff --git a/src/FoxIDs/Logic/FailingLoginLogic.cs b/src/FoxIDs/Logic/Login/FailingLoginLogic.cs similarity index 100% rename from src/FoxIDs/Logic/FailingLoginLogic.cs rename to src/FoxIDs/Logic/Login/FailingLoginLogic.cs diff --git a/src/FoxIDs/Logic/LoginPageLogic.cs b/src/FoxIDs/Logic/Login/LoginPageLogic.cs similarity index 91% rename from src/FoxIDs/Logic/LoginPageLogic.cs rename to src/FoxIDs/Logic/Login/LoginPageLogic.cs index ec12de827..646ef895d 100644 --- a/src/FoxIDs/Logic/LoginPageLogic.cs +++ b/src/FoxIDs/Logic/Login/LoginPageLogic.cs @@ -11,7 +11,6 @@ using System.Linq; using FoxIDs.Models.Session; using ITfoxtec.Identity.Util; -using System.Collections; using FoxIDs.Models.Logic; namespace FoxIDs.Logic @@ -178,10 +177,18 @@ private async Task> GetClaimsAsync(LoginUpParty party, User user, lo { claims.AddRange(user.Claims.ToClaimList()); } - logger.ScopeTrace(() => $"Up, OIDC created JWT claims '{claims.ToFormattedString()}'", traceType: TraceTypes.Claim); + logger.ScopeTrace(() => $"Up, Login created JWT claims '{claims.ToFormattedString()}'", traceType: TraceTypes.Claim); var transformedClaims = await claimTransformLogic.Transform(party.ClaimTransforms?.ConvertAll(t => (ClaimTransform)t), claims); - logger.ScopeTrace(() => $"Up, OIDC output JWT claims '{transformedClaims.ToFormattedString()}'", traceType: TraceTypes.Claim); + logger.ScopeTrace(() => $"Up, Login output JWT claims '{transformedClaims.ToFormattedString()}'", traceType: TraceTypes.Claim); + return transformedClaims; + } + + public async Task> GetCreateUserTransformedClaimsAsync(LoginUpParty party, List claims) + { + logger.ScopeTrace(() => $"Up, Create user created JWT claims '{claims.ToFormattedString()}'", traceType: TraceTypes.Claim); + var transformedClaims = await claimTransformLogic.Transform(party.CreateUser.ClaimTransforms?.ConvertAll(t => (ClaimTransform)t), claims); + logger.ScopeTrace(() => $"Up, Create user output JWT claims '{transformedClaims.ToFormattedString()}'", traceType: TraceTypes.Claim); return transformedClaims; } } diff --git a/src/FoxIDs/Logic/LoginUpLogic.cs b/src/FoxIDs/Logic/Login/LoginUpLogic.cs similarity index 96% rename from src/FoxIDs/Logic/LoginUpLogic.cs rename to src/FoxIDs/Logic/Login/LoginUpLogic.cs index 240ba2cff..ad1fb7b09 100644 --- a/src/FoxIDs/Logic/LoginUpLogic.cs +++ b/src/FoxIDs/Logic/Login/LoginUpLogic.cs @@ -85,10 +85,11 @@ public async Task LoginRedirectAsync(LoginRequest loginRequest) case PartyTypes.OAuth2: throw new NotImplementedException(); case PartyTypes.Oidc: - //sessionHrdUpParty. return await serviceProvider.GetService>().AuthenticationRequestRedirectAsync(autoSelectedUpParty, loginRequest, hrdLoginUpPartyName: loginName); case PartyTypes.Saml2: return await serviceProvider.GetService().AuthnRequestRedirectAsync(autoSelectedUpParty, loginRequest, hrdLoginUpPartyName: loginName); + case PartyTypes.TrackLink: + return await serviceProvider.GetService().AuthRequestAsync(autoSelectedUpParty, loginRequest, hrdLoginUpPartyName: loginName); default: throw new NotSupportedException($"Party type '{autoSelectedUpParty.Type}' not supported."); } @@ -181,6 +182,8 @@ public async Task LoginResponseAsync(List claims) case PartyTypes.Saml2: claims.AddClaim(Constants.JwtClaimTypes.SubFormat, NameIdentifierFormats.Persistent.OriginalString); return await serviceProvider.GetService().AuthnResponseAsync(sequenceData.DownPartyLink.Id, jwtClaims: claims); + case PartyTypes.TrackLink: + return await serviceProvider.GetService().AuthResponseAsync(sequenceData.DownPartyLink.Id, claims); default: throw new NotSupportedException(); diff --git a/src/FoxIDs/Logic/LogoutUpLogic.cs b/src/FoxIDs/Logic/Login/LogoutUpLogic.cs similarity index 93% rename from src/FoxIDs/Logic/LogoutUpLogic.cs rename to src/FoxIDs/Logic/Login/LogoutUpLogic.cs index bbed076be..cddcf5259 100644 --- a/src/FoxIDs/Logic/LogoutUpLogic.cs +++ b/src/FoxIDs/Logic/Login/LogoutUpLogic.cs @@ -58,6 +58,8 @@ public async Task LogoutResponseAsync(LoginUpSequenceData sequenc return await serviceProvider.GetService>().EndSessionResponseAsync(sequenceData.DownPartyLink.Id); case PartyTypes.Saml2: return await serviceProvider.GetService().LogoutResponseAsync(sequenceData.DownPartyLink.Id, sessionIndex: sequenceData.SessionId); + case PartyTypes.TrackLink: + return await serviceProvider.GetService().LogoutResponseAsync(sequenceData.DownPartyLink.Id); default: throw new NotSupportedException(); diff --git a/src/FoxIDs/Logic/SingleLogoutDownLogic.cs b/src/FoxIDs/Logic/Login/SingleLogoutDownLogic.cs similarity index 87% rename from src/FoxIDs/Logic/SingleLogoutDownLogic.cs rename to src/FoxIDs/Logic/Login/SingleLogoutDownLogic.cs index 4d2dba755..f3e5013e1 100644 --- a/src/FoxIDs/Logic/SingleLogoutDownLogic.cs +++ b/src/FoxIDs/Logic/Login/SingleLogoutDownLogic.cs @@ -78,16 +78,24 @@ public async Task HandleSingleLogoutAsync(SingleLogoutSequenceDat } var samlDownPartyId = sequenceData.DownPartyLinks.Where(p => p.Type == PartyTypes.Saml2).Select(p => p.Id).FirstOrDefault(); + var doSamlLogoutInIframe = sequenceData.HostedInIframe && samlDownPartyId != null; var oidcDownPartyIds = sequenceData.DownPartyLinks.Where(p => p.Type == PartyTypes.Oidc).Select(p => p.Id); if (oidcDownPartyIds.Count() > 0) { sequenceData.DownPartyLinks = sequenceData.DownPartyLinks.Where(p => p.Type != PartyTypes.Oidc); await sequenceLogic.SaveSequenceDataAsync(sequenceData); - var doSamlLogoutInIframe = sequenceData.HostedInIframe && samlDownPartyId != null; return await serviceProvider.GetService>().LogoutRequestAsync(oidcDownPartyIds, sequenceData, sequenceData.HostedInIframe, doSamlLogoutInIframe); } + var trackLinkDownPartyIds = sequenceData.DownPartyLinks.Where(p => p.Type == PartyTypes.TrackLink).Select(p => p.Id); + if (trackLinkDownPartyIds.Count() > 0) + { + sequenceData.DownPartyLinks = sequenceData.DownPartyLinks.Where(p => p.Type != PartyTypes.TrackLink); + await sequenceLogic.SaveSequenceDataAsync(sequenceData); + return await serviceProvider.GetService().LogoutRequestAsync(trackLinkDownPartyIds, sequenceData, sequenceData.HostedInIframe, doSamlLogoutInIframe); + } + if (samlDownPartyId != null) { sequenceData.DownPartyLinks = sequenceData.DownPartyLinks.Where(p => p.Id != samlDownPartyId); @@ -124,6 +132,8 @@ private async Task ResponseUpPartyAsync(string upPartyName, Party case PartyTypes.Saml2: var samlUpParty = await tenantRepository.GetAsync(partyId); return HttpContext.GetUpPartyUrl(upPartyName, Constants.Routes.SamlController, Constants.Endpoints.SingleLogoutDone, includeSequence: true, partyBindingPattern: samlUpParty.PartyBindingPattern).ToRedirectResult(); + case PartyTypes.TrackLink: + return HttpContext.GetUpPartyUrl(upPartyName, Constants.Routes.TrackLinkController, Constants.Endpoints.SingleLogoutDone, includeSequence: true).ToRedirectResult(); default: throw new NotSupportedException(); diff --git a/src/FoxIDs/Logic/OAuth/JwtDownLogic.cs b/src/FoxIDs/Logic/OAuth/JwtDownLogic.cs index 8cd3428a1..0057937b7 100644 --- a/src/FoxIDs/Logic/OAuth/JwtDownLogic.cs +++ b/src/FoxIDs/Logic/OAuth/JwtDownLogic.cs @@ -17,15 +17,15 @@ public class JwtDownLogic : LogicSequenceBase where TCl private readonly TelemetryScopedLogger logger; private readonly TrackKeyLogic trackKeyLogic; private readonly TrackIssuerLogic trackIssuerLogic; - private readonly ClaimsDownLogic claimsDownLogic; + private readonly ClaimsOAuthDownLogic claimsOAuthDownLogic; private readonly OAuthResourceScopeDownLogic oauthResourceScopeDownLogic; - public JwtDownLogic(TelemetryScopedLogger logger, TrackKeyLogic trackKeyLogic, TrackIssuerLogic trackIssuerLogic, ClaimsDownLogic claimsDownLogic, OAuthResourceScopeDownLogic oauthResourceScopeDownLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) + public JwtDownLogic(TelemetryScopedLogger logger, TrackKeyLogic trackKeyLogic, TrackIssuerLogic trackIssuerLogic, ClaimsOAuthDownLogic claimsOAuthDownLogic, OAuthResourceScopeDownLogic oauthResourceScopeDownLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) { this.logger = logger; this.trackKeyLogic = trackKeyLogic; this.trackIssuerLogic = trackIssuerLogic; - this.claimsDownLogic = claimsDownLogic; + this.claimsOAuthDownLogic = claimsOAuthDownLogic; this.oauthResourceScopeDownLogic = oauthResourceScopeDownLogic; } @@ -37,9 +37,9 @@ public async Task CreateIdTokenAsync(TClient client, IEnumerable } var onlyIdToken = !responseTypes.Contains(IdentityConstants.ResponseTypes.Code) && !responseTypes.Contains(IdentityConstants.ResponseTypes.Token); - var idTokenClaims = new List(await claimsDownLogic.FilterJwtClaimsAsync(client, claims, selectedScopes, includeIdTokenClaims: true, includeAccessTokenClaims: onlyIdToken)); + var idTokenClaims = new List(await claimsOAuthDownLogic.FilterJwtClaimsAsync(client, claims, selectedScopes, includeIdTokenClaims: true, includeAccessTokenClaims: onlyIdToken)); - var clientClaims = claimsDownLogic.GetClientJwtClaims(client, onlyIdTokenClaims: true); + var clientClaims = claimsOAuthDownLogic.GetClientJwtClaims(client, onlyIdTokenClaims: true); if(clientClaims?.Count() > 0) { idTokenClaims.AddRange(clientClaims); @@ -73,9 +73,9 @@ public async Task CreateAccessTokenAsync(TClient client, IEnumerable 0) { accessTokenClaims.AddRange(clientClaims); diff --git a/src/FoxIDs/Logic/OAuth/OAuthAuthCodeGrantDownLogic.cs b/src/FoxIDs/Logic/OAuth/OAuthAuthCodeGrantDownLogic.cs index 85bb01b9f..f84992ebb 100644 --- a/src/FoxIDs/Logic/OAuth/OAuthAuthCodeGrantDownLogic.cs +++ b/src/FoxIDs/Logic/OAuth/OAuthAuthCodeGrantDownLogic.cs @@ -15,13 +15,13 @@ public class OAuthAuthCodeGrantDownLogic : LogicSequenc { private readonly TelemetryScopedLogger logger; private readonly ITenantRepository tenantRepository; - private readonly ClaimsDownLogic claimsDownLogic; + private readonly ClaimsOAuthDownLogic claimsOAuthDownLogic; - public OAuthAuthCodeGrantDownLogic(TelemetryScopedLogger logger, ITenantRepository tenantRepository, ClaimsDownLogic claimsDownLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) + public OAuthAuthCodeGrantDownLogic(TelemetryScopedLogger logger, ITenantRepository tenantRepository, ClaimsOAuthDownLogic claimsOAuthDownLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) { this.logger = logger; this.tenantRepository = tenantRepository; - this.claimsDownLogic = claimsDownLogic; + this.claimsOAuthDownLogic = claimsOAuthDownLogic; } public async Task CreateAuthCodeGrantAsync(TClient client, List claims, string redirectUri, string scope, string nonce, string codeChallenge, string codeChallengeMethod) @@ -31,7 +31,7 @@ public async Task CreateAuthCodeGrantAsync(TClient client, List c if (!client.AuthorizationCodeLifetime.HasValue) throw new EndpointException("Client AuthorizationCodeLifetime not configured.") { RouteBinding = RouteBinding }; - var grantClaims = await claimsDownLogic.FilterJwtClaimsAsync(client, claims, scope?.ToSpaceList(), includeIdTokenClaims: true, includeAccessTokenClaims: true); + var grantClaims = await claimsOAuthDownLogic.FilterJwtClaimsAsync(client, claims, scope?.ToSpaceList(), includeIdTokenClaims: true, includeAccessTokenClaims: true); var code = RandomGenerator.Generate(64); var grant = new AuthCodeTtlGrant diff --git a/src/FoxIDs/Logic/OAuth/OAuthRefreshTokenGrantDownLogic.cs b/src/FoxIDs/Logic/OAuth/OAuthRefreshTokenGrantDownLogic.cs index e929a1fde..8b0af8e35 100644 --- a/src/FoxIDs/Logic/OAuth/OAuthRefreshTokenGrantDownLogic.cs +++ b/src/FoxIDs/Logic/OAuth/OAuthRefreshTokenGrantDownLogic.cs @@ -16,13 +16,13 @@ public class OAuthRefreshTokenGrantDownLogic : LogicSeq { private readonly TelemetryScopedLogger logger; private readonly ITenantRepository tenantRepository; - private readonly ClaimsDownLogic claimsDownLogic; + private readonly ClaimsOAuthDownLogic claimsOAuthDownLogic; - public OAuthRefreshTokenGrantDownLogic(TelemetryScopedLogger logger, ITenantRepository tenantRepository, ClaimsDownLogic claimsDownLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) + public OAuthRefreshTokenGrantDownLogic(TelemetryScopedLogger logger, ITenantRepository tenantRepository, ClaimsOAuthDownLogic claimsOAuthDownLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) { this.logger = logger; this.tenantRepository = tenantRepository; - this.claimsDownLogic = claimsDownLogic; + this.claimsOAuthDownLogic = claimsOAuthDownLogic; } public async Task CreateRefreshTokenGrantAsync(TClient client, List claims, string scope) @@ -31,7 +31,7 @@ public async Task CreateRefreshTokenGrantAsync(TClient client, List>().AuthenticationRequestRedirectAsync(toUpParty, await GetLoginRequestAsync(party, authenticationRequest)); case PartyTypes.Saml2: return await serviceProvider.GetService().AuthnRequestRedirectAsync(toUpParty, await GetLoginRequestAsync(party, authenticationRequest)); + case PartyTypes.TrackLink: + return await serviceProvider.GetService().AuthRequestAsync(toUpParty, await GetLoginRequestAsync(party, authenticationRequest)); default: throw new NotSupportedException($"Party type '{toUpParty.Type}' not supported."); } diff --git a/src/FoxIDs/Logic/Oidc/OidcAuthUpLogic.cs b/src/FoxIDs/Logic/Oidc/OidcAuthUpLogic.cs index ec2efa293..fe5e122d1 100644 --- a/src/FoxIDs/Logic/Oidc/OidcAuthUpLogic.cs +++ b/src/FoxIDs/Logic/Oidc/OidcAuthUpLogic.cs @@ -6,7 +6,6 @@ using FoxIDs.Repository; using ITfoxtec.Identity; using ITfoxtec.Identity.Messages; -using ITfoxtec.Identity.Saml2.Schemas; using ITfoxtec.Identity.Tokens; using ITfoxtec.Identity.Util; using Microsoft.AspNetCore.Http; @@ -36,9 +35,10 @@ public class OidcAuthUpLogic : LogicSequenceBase where TParty : private readonly SecurityHeaderLogic securityHeaderLogic; private readonly OidcDiscoveryReadUpLogic oidcDiscoveryReadUpLogic; private readonly ClaimTransformLogic claimTransformLogic; + private readonly ClaimValidationLogic claimValidationLogic; private readonly IHttpClientFactory httpClientFactory; - public OidcAuthUpLogic(TelemetryScopedLogger logger, IServiceProvider serviceProvider, ITenantRepository tenantRepository, JwtUpLogic jwtUpLogic, SequenceLogic sequenceLogic, PlanUsageLogic planUsageLogic, HrdLogic hrdLogic, SessionUpPartyLogic sessionUpPartyLogic, SecurityHeaderLogic securityHeaderLogic, OidcDiscoveryReadUpLogic oidcDiscoveryReadUpLogic, ClaimTransformLogic claimTransformLogic, IHttpClientFactory httpClientFactory, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) + public OidcAuthUpLogic(TelemetryScopedLogger logger, IServiceProvider serviceProvider, ITenantRepository tenantRepository, JwtUpLogic jwtUpLogic, SequenceLogic sequenceLogic, PlanUsageLogic planUsageLogic, HrdLogic hrdLogic, SessionUpPartyLogic sessionUpPartyLogic, SecurityHeaderLogic securityHeaderLogic, OidcDiscoveryReadUpLogic oidcDiscoveryReadUpLogic, ClaimTransformLogic claimTransformLogic, ClaimValidationLogic claimValidationLogic, IHttpClientFactory httpClientFactory, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) { this.logger = logger; this.serviceProvider = serviceProvider; @@ -51,6 +51,7 @@ public OidcAuthUpLogic(TelemetryScopedLogger logger, IServiceProvider servicePro this.securityHeaderLogic = securityHeaderLogic; this.oidcDiscoveryReadUpLogic = oidcDiscoveryReadUpLogic; this.claimTransformLogic = claimTransformLogic; + this.claimValidationLogic = claimValidationLogic; this.httpClientFactory = httpClientFactory; } @@ -211,7 +212,7 @@ public async Task AuthenticationResponseAsync(string partyId) claims.AddClaim(Constants.JwtClaimTypes.UpPartyType, party.Type.ToString().ToLower()); var transformedClaims = await claimTransformLogic.Transform(party.ClaimTransforms?.ConvertAll(t => (ClaimTransform)t), claims); - var validClaims = ValidateClaims(party, transformedClaims); + var validClaims = claimValidationLogic.ValidateUpPartyClaims(party.Client.Claims, transformedClaims); var sessionId = await sessionUpPartyLogic.CreateOrUpdateSessionAsync(party, party.DisableSingleLogout ? null : sequenceData.DownPartyLink, validClaims, externalSessionId, idToken); if (!sessionId.IsNullOrEmpty()) @@ -296,43 +297,6 @@ private void ValidateAuthenticationResponse(TParty party, AuthenticationResponse } } - private List ValidateClaims(TParty party, List claims) - { - var acceptAllClaims = party.Client.Claims?.Where(c => c == "*")?.Count() > 0; - if (acceptAllClaims) - { - claims = claims.Where(c => !Constants.DefaultClaims.ExcludeJwtTokenUpParty.Any(ic => ic == c.Type)).ToList(); - } - else - { - var acceptedClaims = Constants.DefaultClaims.JwtTokenUpParty.ConcatOnce(party.Client.Claims).Where(c => !Constants.DefaultClaims.ExcludeJwtTokenUpParty.Contains(c)); - claims = claims.Where(c => acceptedClaims.Any(ic => ic == c.Type)).ToList(); - } - foreach (var claim in claims) - { - if (claim.Type?.Length > Constants.Models.Claim.JwtTypeLength) - { - throw new OAuthRequestException($"Claim '{claim.Type.Substring(0, Constants.Models.Claim.JwtTypeLength)}' is too long, maximum length of '{Constants.Models.Claim.JwtTypeLength}'.") { RouteBinding = RouteBinding, Error = IdentityConstants.ResponseErrors.InvalidToken }; - } - - if(Constants.EmbeddedJwtToken.JwtTokenClaims.Any(claim.Type.Contains)) - { - if (claim.Value?.Length > Constants.EmbeddedJwtToken.ValueLength) - { - throw new OAuthRequestException($"Claim '{claim.Type}' value is too long, maximum length of '{Constants.EmbeddedJwtToken.ValueLength}'.") { RouteBinding = RouteBinding, Error = IdentityConstants.ResponseErrors.InvalidToken }; - } - } - else - { - if (claim.Value?.Length > Constants.Models.Claim.ValueLength) - { - throw new OAuthRequestException($"Claim '{claim.Type}' value is too long, maximum length of '{Constants.Models.Claim.ValueLength}'.") { RouteBinding = RouteBinding, Error = IdentityConstants.ResponseErrors.InvalidToken }; - } - } - } - return claims; - } - private async Task<(List, string)> HandleAuthorizationCodeResponseAsync(TParty party, OidcUpSequenceData sequenceData, string code) { var tokenResponse = await TokenRequestAsync(party.Client, code, sequenceData); @@ -637,8 +601,10 @@ private async Task AuthenticationResponseDownAsync(OidcUpSequence return await serviceProvider.GetService>().AuthenticationResponseErrorAsync(sequenceData.DownPartyLink.Id, error, errorDescription); } case PartyTypes.Saml2: - var claimsLogic = serviceProvider.GetService>(); - return await serviceProvider.GetService().AuthnResponseAsync(sequenceData.DownPartyLink.Id, ErrorToSamlStatus(error), claims != null ? await claimsLogic.FromJwtToSamlClaimsAsync(claims) : null); + var claimsLogic = serviceProvider.GetService>(); + return await serviceProvider.GetService().AuthnResponseAsync(sequenceData.DownPartyLink.Id, SamlConvertLogic.ErrorToSamlStatus(error), claims != null ? await claimsLogic.FromJwtToSamlClaimsAsync(claims) : null); + case PartyTypes.TrackLink: + return await serviceProvider.GetService().AuthResponseAsync(sequenceData.DownPartyLink.Id, claims, error, errorDescription); default: throw new NotSupportedException(); @@ -650,22 +616,5 @@ private async Task AuthenticationResponseDownAsync(OidcUpSequence throw new StopSequenceException("Falling authentication response down", ex); } } - - private Saml2StatusCodes ErrorToSamlStatus(string error) - { - if (error.IsNullOrEmpty()) - { - return Saml2StatusCodes.Success; - } - - switch (error) - { - case IdentityConstants.ResponseErrors.LoginRequired: - return Saml2StatusCodes.NoAuthnContext; - - default: - return Saml2StatusCodes.Responder; - } - } } } diff --git a/src/FoxIDs/Logic/Oidc/OidcDiscoveryExposeDownLogic.cs b/src/FoxIDs/Logic/Oidc/OidcDiscoveryExposeDownLogic.cs index 664cb41a1..cbeb9fab6 100644 --- a/src/FoxIDs/Logic/Oidc/OidcDiscoveryExposeDownLogic.cs +++ b/src/FoxIDs/Logic/Oidc/OidcDiscoveryExposeDownLogic.cs @@ -6,7 +6,7 @@ using Microsoft.AspNetCore.Http; using System.Linq; using System.Threading.Tasks; -using UrlCombineLib; +using ITfoxtec.Identity.Util; using ITfoxtec.Identity.Models; using System.Collections.Generic; using System; diff --git a/src/FoxIDs/Logic/Oidc/OidcFrontChannelLogoutDownLogic.cs b/src/FoxIDs/Logic/Oidc/OidcFrontChannelLogoutDownLogic.cs index 1d1001b0a..92632416b 100644 --- a/src/FoxIDs/Logic/Oidc/OidcFrontChannelLogoutDownLogic.cs +++ b/src/FoxIDs/Logic/Oidc/OidcFrontChannelLogoutDownLogic.cs @@ -33,6 +33,7 @@ public OidcFrontChannelLogoutDownLogic(TelemetryScopedLogger logger, TrackIssuer public async Task LogoutRequestAsync(IEnumerable partyIds, SingleLogoutSequenceData sequenceData, bool hostedInIframe, bool doSamlLogoutInIframe) { + logger.ScopeTrace(() => "Down, OIDC Front Channel logout request."); var frontChannelLogoutRequest = new FrontChannelLogoutRequest { Issuer = trackIssuerLogic.GetIssuer(), diff --git a/src/FoxIDs/Logic/Oidc/OidcRpInitiatedLogoutDownLogic.cs b/src/FoxIDs/Logic/Oidc/OidcRpInitiatedLogoutDownLogic.cs index 571c9ec26..73b2daada 100644 --- a/src/FoxIDs/Logic/Oidc/OidcRpInitiatedLogoutDownLogic.cs +++ b/src/FoxIDs/Logic/Oidc/OidcRpInitiatedLogoutDownLogic.cs @@ -11,7 +11,6 @@ using Microsoft.Extensions.DependencyInjection; using System.Collections.Generic; using System.Security.Claims; -using ITfoxtec.Identity.Saml2.Claims; using FoxIDs.Models.Logic; using FoxIDs.Models.Sequences; using FoxIDs.Models.Session; @@ -91,25 +90,27 @@ await sequenceLogic.SaveSequenceDataAsync(new OidcDownSequenceData State = rpInitiatedLogoutRequest.State, }); - var toUpPartie = await GetToUpPartyAsync(idTokenClaims); - logger.ScopeTrace(() => $"Request, Up type '{toUpPartie.Type}'."); - switch (toUpPartie.Type) + var toUpParty = await GetToUpPartyAsync(idTokenClaims); + logger.ScopeTrace(() => $"Request, Up type '{toUpParty.Type}'."); + switch (toUpParty.Type) { case PartyTypes.Login: - return await serviceProvider.GetService().LogoutRedirect(toUpPartie, GetLogoutRequest(party, sessionId, validIdToken, postLogoutRedirectUri)); + return await serviceProvider.GetService().LogoutRedirect(toUpParty, GetLogoutRequest(party, sessionId, validIdToken, postLogoutRedirectUri)); case PartyTypes.OAuth2: throw new NotImplementedException(); case PartyTypes.Oidc: - return await serviceProvider.GetService>().EndSessionRequestRedirectAsync(toUpPartie, GetLogoutRequest(party, sessionId, validIdToken, postLogoutRedirectUri)); + return await serviceProvider.GetService>().EndSessionRequestRedirectAsync(toUpParty, GetLogoutRequest(party, sessionId, validIdToken, postLogoutRedirectUri)); case PartyTypes.Saml2: if (!validIdToken) { throw new OAuthRequestException($"ID Token hint is required for SAML 2.0 Up-party.") { RouteBinding = RouteBinding }; } - return await serviceProvider.GetService().LogoutRequestRedirectAsync(toUpPartie, GetSamlLogoutRequest( party, sessionId, idTokenClaims)); + return await serviceProvider.GetService().LogoutRequestRedirectAsync(toUpParty, GetSamlLogoutRequest(party, sessionId)); + case PartyTypes.TrackLink: + return await serviceProvider.GetService().LogoutRequestRedirectAsync(toUpParty, GetLogoutRequest(party, sessionId, validIdToken, postLogoutRedirectUri)); default: - throw new NotSupportedException($"Party type '{toUpPartie.Type}' not supported."); + throw new NotSupportedException($"Party type '{toUpParty.Type}' not supported."); } } @@ -149,29 +150,14 @@ private LogoutRequest GetLogoutRequest(TParty party, string sessionId, bool vali return logoutRequest; } - private LogoutRequest GetSamlLogoutRequest(TParty party, string sessionId, IEnumerable idTokenClaims) + private LogoutRequest GetSamlLogoutRequest(TParty party, string sessionId) { - var samlClaims = new List(); - var nameIdClaim = idTokenClaims.FirstOrDefault(c => c.Type == JwtClaimTypes.Subject); - if(nameIdClaim == null) - { - throw new OAuthRequestException($"Require '{JwtClaimTypes.Subject}' claim in ID Token hint.") { RouteBinding = RouteBinding }; - } - samlClaims.AddClaim(Saml2ClaimTypes.NameId, nameIdClaim.Value); - - var subFormatClaim = idTokenClaims.FirstOrDefault(c => c.Type == Constants.JwtClaimTypes.SubFormat); - if (subFormatClaim != null) - { - samlClaims.AddClaim(Saml2ClaimTypes.NameIdFormat, subFormatClaim.Value); - } - return new LogoutRequest { DownPartyLink = new DownPartySessionLink { SupportSingleLogout = !string.IsNullOrWhiteSpace(party.Client?.FrontChannelLogoutUri), Id = party.Id, Type = party.Type }, SessionId = sessionId, RequireLogoutConsent = false, - PostLogoutRedirect = true, - Claims = samlClaims, + PostLogoutRedirect = true }; } diff --git a/src/FoxIDs/Logic/Oidc/OidcRpInitiatedLogoutUpLogic.cs b/src/FoxIDs/Logic/Oidc/OidcRpInitiatedLogoutUpLogic.cs index d3ecfbd61..653197391 100644 --- a/src/FoxIDs/Logic/Oidc/OidcRpInitiatedLogoutUpLogic.cs +++ b/src/FoxIDs/Logic/Oidc/OidcRpInitiatedLogoutUpLogic.cs @@ -11,7 +11,7 @@ using System; using System.Linq; using System.Threading.Tasks; -using UrlCombineLib; +using ITfoxtec.Identity.Util; namespace FoxIDs.Logic { @@ -189,6 +189,8 @@ private async Task LogoutResponseDownAsync(OidcUpSequenceData seq return await serviceProvider.GetService>().EndSessionResponseAsync(sequenceData.DownPartyLink.Id); case PartyTypes.Saml2: return await serviceProvider.GetService().LogoutResponseAsync(sequenceData.DownPartyLink.Id, sessionIndex: sequenceData.SessionId); + case PartyTypes.TrackLink: + return await serviceProvider.GetService().LogoutResponseAsync(sequenceData.DownPartyLink.Id); default: throw new NotSupportedException(); diff --git a/src/FoxIDs/Logic/Saml/SamlAuthnDownLogic.cs b/src/FoxIDs/Logic/Saml/SamlAuthnDownLogic.cs index 9b6846c7b..aa72c4798 100644 --- a/src/FoxIDs/Logic/Saml/SamlAuthnDownLogic.cs +++ b/src/FoxIDs/Logic/Saml/SamlAuthnDownLogic.cs @@ -18,7 +18,6 @@ using Microsoft.IdentityModel.Tokens.Saml2; using FoxIDs.Models.Sequences; using FoxIDs.Models.Session; -using ITfoxtec.Identity; namespace FoxIDs.Logic { @@ -32,10 +31,10 @@ public class SamlAuthnDownLogic : LogicSequenceBase private readonly SecurityHeaderLogic securityHeaderLogic; private readonly ClaimTransformLogic claimTransformLogic; private readonly SamlClaimsDownLogic samlClaimsDownLogic; - private readonly ClaimsDownLogic claimsDownLogic; + private readonly ClaimsOAuthDownLogic claimsOAuthDownLogic; private readonly Saml2ConfigurationLogic saml2ConfigurationLogic; - public SamlAuthnDownLogic(FoxIDsSettings settings, TelemetryScopedLogger logger, IServiceProvider serviceProvider, ITenantRepository tenantRepository, SequenceLogic sequenceLogic, SecurityHeaderLogic securityHeaderLogic, ClaimTransformLogic claimTransformLogic, SamlClaimsDownLogic samlClaimsDownLogic, ClaimsDownLogic claimsDownLogic, Saml2ConfigurationLogic saml2ConfigurationLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) + public SamlAuthnDownLogic(FoxIDsSettings settings, TelemetryScopedLogger logger, IServiceProvider serviceProvider, ITenantRepository tenantRepository, SequenceLogic sequenceLogic, SecurityHeaderLogic securityHeaderLogic, ClaimTransformLogic claimTransformLogic, SamlClaimsDownLogic samlClaimsDownLogic, ClaimsOAuthDownLogic claimsOAuthDownLogic, Saml2ConfigurationLogic saml2ConfigurationLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) { this.settings = settings; this.logger = logger; @@ -45,7 +44,7 @@ public SamlAuthnDownLogic(FoxIDsSettings settings, TelemetryScopedLogger logger, this.securityHeaderLogic = securityHeaderLogic; this.claimTransformLogic = claimTransformLogic; this.samlClaimsDownLogic = samlClaimsDownLogic; - this.claimsDownLogic = claimsDownLogic; + this.claimsOAuthDownLogic = claimsOAuthDownLogic; this.saml2ConfigurationLogic = saml2ConfigurationLogic; } @@ -117,6 +116,8 @@ await sequenceLogic.SaveSequenceDataAsync(new SamlDownSequenceData return await serviceProvider.GetService>().AuthenticationRequestRedirectAsync(toUpParty, GetLoginRequestAsync(party, saml2AuthnRequest)); case PartyTypes.Saml2: return await serviceProvider.GetService().AuthnRequestRedirectAsync(toUpParty, GetLoginRequestAsync(party, saml2AuthnRequest)); + case PartyTypes.TrackLink: + return await serviceProvider.GetService().AuthRequestAsync(toUpParty, GetLoginRequestAsync(party, saml2AuthnRequest)); default: throw new NotSupportedException($"Party type '{toUpParty.Type}' not supported."); @@ -201,7 +202,7 @@ public async Task AuthnResponseAsync(string partyId, Saml2StatusC var samlConfig = await saml2ConfigurationLogic.GetSamlDownConfigAsync(party, includeSigningCertificate: true, includeEncryptionCertificates: true); var sequenceData = await sequenceLogic.GetSequenceDataAsync(false); - var claims = jwtClaims != null ? await claimsDownLogic.FromJwtToSamlClaimsAsync(jwtClaims) : null; + var claims = jwtClaims != null ? await claimsOAuthDownLogic.FromJwtToSamlClaimsAsync(jwtClaims) : null; return await AuthnResponseAsync(party, samlConfig, sequenceData.Id, sequenceData.RelayState, sequenceData.AcsResponseUrl, status, claims); } diff --git a/src/FoxIDs/Logic/Saml/SamlAuthnUpLogic.cs b/src/FoxIDs/Logic/Saml/SamlAuthnUpLogic.cs index 3a1d85e0e..b37baa53c 100644 --- a/src/FoxIDs/Logic/Saml/SamlAuthnUpLogic.cs +++ b/src/FoxIDs/Logic/Saml/SamlAuthnUpLogic.cs @@ -31,11 +31,11 @@ public class SamlAuthnUpLogic : LogicSequenceBase private readonly SecurityHeaderLogic securityHeaderLogic; private readonly SamlMetadataReadUpLogic samlMetadataReadUpLogic; private readonly ClaimTransformLogic claimTransformLogic; - private readonly ClaimsDownLogic claimsDownLogic; + private readonly ClaimsOAuthDownLogic claimsOAuthDownLogic; private readonly Saml2ConfigurationLogic saml2ConfigurationLogic; private readonly PlanUsageLogic planUsageLogic; - public SamlAuthnUpLogic(TelemetryScopedLogger logger, IServiceProvider serviceProvider, ITenantRepository tenantRepository, SequenceLogic sequenceLogic, PlanUsageLogic planUsageLogic, HrdLogic hrdLogic, SessionUpPartyLogic sessionUpPartyLogic, SecurityHeaderLogic securityHeaderLogic, SamlMetadataReadUpLogic samlMetadataReadUpLogic, ClaimTransformLogic claimTransformLogic, ClaimsDownLogic claimsDownLogic, Saml2ConfigurationLogic saml2ConfigurationLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) + public SamlAuthnUpLogic(TelemetryScopedLogger logger, IServiceProvider serviceProvider, ITenantRepository tenantRepository, SequenceLogic sequenceLogic, PlanUsageLogic planUsageLogic, HrdLogic hrdLogic, SessionUpPartyLogic sessionUpPartyLogic, SecurityHeaderLogic securityHeaderLogic, SamlMetadataReadUpLogic samlMetadataReadUpLogic, ClaimTransformLogic claimTransformLogic, ClaimsOAuthDownLogic claimsOAuthDownLogic, Saml2ConfigurationLogic saml2ConfigurationLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) { this.logger = logger; this.serviceProvider = serviceProvider; @@ -46,10 +46,11 @@ public SamlAuthnUpLogic(TelemetryScopedLogger logger, IServiceProvider servicePr this.securityHeaderLogic = securityHeaderLogic; this.samlMetadataReadUpLogic = samlMetadataReadUpLogic; this.claimTransformLogic = claimTransformLogic; - this.claimsDownLogic = claimsDownLogic; + this.claimsOAuthDownLogic = claimsOAuthDownLogic; this.saml2ConfigurationLogic = saml2ConfigurationLogic; this.planUsageLogic = planUsageLogic; } + public async Task AuthnRequestRedirectAsync(UpPartyLink partyLink, LoginRequest loginRequest, string hrdLoginUpPartyName = null) { logger.ScopeTrace(() => "Up, SAML Authn request redirect."); @@ -257,7 +258,7 @@ private async Task AuthnResponseAsync(SamlUpParty party, Saml2 var validClaims = ValidateClaims(party, transformedClaims); logger.ScopeTrace(() => $"Up, SAML Authn output SAML claims '{validClaims.ToFormattedString()}'", traceType: TraceTypes.Claim); - var jwtValidClaims = await claimsDownLogic.FromSamlToJwtClaimsAsync(validClaims); + var jwtValidClaims = await claimsOAuthDownLogic.FromSamlToJwtClaimsAsync(validClaims); var sessionId = await sessionUpPartyLogic.CreateOrUpdateSessionAsync(party, party.DisableSingleLogout ? null : sequenceData.DownPartyLink, jwtValidClaims, externalSessionId); if (!sessionId.IsNullOrEmpty()) { @@ -387,7 +388,8 @@ private async Task AuthnResponseDownAsync(SamlUpSequenceData sequ } case PartyTypes.Saml2: return await serviceProvider.GetService().AuthnResponseAsync(sequenceData.DownPartyLink.Id, status, jwtClaims); - + case PartyTypes.TrackLink: + return await serviceProvider.GetService().AuthResponseAsync(sequenceData.DownPartyLink.Id, jwtClaims); default: throw new NotSupportedException(); } diff --git a/src/FoxIDs/Logic/Saml/SamlConfigurationLogic.cs b/src/FoxIDs/Logic/Saml/SamlConfigurationLogic.cs index 5faa91a99..71f231d56 100644 --- a/src/FoxIDs/Logic/Saml/SamlConfigurationLogic.cs +++ b/src/FoxIDs/Logic/Saml/SamlConfigurationLogic.cs @@ -2,7 +2,6 @@ using Microsoft.AspNetCore.Http; using System; using System.Linq; -using FoxIDs.Infrastructure; using System.Threading.Tasks; using ITfoxtec.Identity.Saml2; diff --git a/src/FoxIDs/Logic/Saml/SamlConvertLogic.cs b/src/FoxIDs/Logic/Saml/SamlConvertLogic.cs new file mode 100644 index 000000000..f118f65e0 --- /dev/null +++ b/src/FoxIDs/Logic/Saml/SamlConvertLogic.cs @@ -0,0 +1,25 @@ +using ITfoxtec.Identity; +using ITfoxtec.Identity.Saml2.Schemas; + +namespace FoxIDs.Logic +{ + public static class SamlConvertLogic + { + public static Saml2StatusCodes ErrorToSamlStatus(string error) + { + if (error.IsNullOrEmpty()) + { + return Saml2StatusCodes.Success; + } + + switch (error) + { + case IdentityConstants.ResponseErrors.LoginRequired: + return Saml2StatusCodes.NoAuthnContext; + + default: + return Saml2StatusCodes.Responder; + } + } + } +} diff --git a/src/FoxIDs/Logic/Saml/SamlLogoutDownLogic.cs b/src/FoxIDs/Logic/Saml/SamlLogoutDownLogic.cs index 9af57a361..0fba6e71f 100644 --- a/src/FoxIDs/Logic/Saml/SamlLogoutDownLogic.cs +++ b/src/FoxIDs/Logic/Saml/SamlLogoutDownLogic.cs @@ -12,8 +12,6 @@ using System.Collections.Generic; using System.Threading.Tasks; using System.Security.Claims; -using ITfoxtec.Identity.Saml2.Claims; -using System.Linq; using FoxIDs.Models.Logic; using Microsoft.IdentityModel.Tokens.Saml2; using FoxIDs.Models.Sequences; @@ -33,10 +31,10 @@ public class SamlLogoutDownLogic : LogicSequenceBase private readonly Saml2ConfigurationLogic saml2ConfigurationLogic; private readonly ClaimTransformLogic claimTransformLogic; private readonly SamlClaimsDownLogic samlClaimsDownLogic; - private readonly ClaimsDownLogic claimsDownLogic; + private readonly ClaimsOAuthDownLogic claimsOAuthDownLogic; private readonly SingleLogoutDownLogic singleLogoutDownLogic; - public SamlLogoutDownLogic(TelemetryScopedLogger logger, IServiceProvider serviceProvider, ITenantRepository tenantRepository, SequenceLogic sequenceLogic, HrdLogic hrdLogic, SecurityHeaderLogic securityHeaderLogic, Saml2ConfigurationLogic saml2ConfigurationLogic, ClaimTransformLogic claimTransformLogic, SamlClaimsDownLogic samlClaimsDownLogic, ClaimsDownLogic claimsDownLogic, SingleLogoutDownLogic singleLogoutDownLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) + public SamlLogoutDownLogic(TelemetryScopedLogger logger, IServiceProvider serviceProvider, ITenantRepository tenantRepository, SequenceLogic sequenceLogic, HrdLogic hrdLogic, SecurityHeaderLogic securityHeaderLogic, Saml2ConfigurationLogic saml2ConfigurationLogic, ClaimTransformLogic claimTransformLogic, SamlClaimsDownLogic samlClaimsDownLogic, ClaimsOAuthDownLogic claimsOAuthDownLogic, SingleLogoutDownLogic singleLogoutDownLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) { this.logger = logger; this.serviceProvider = serviceProvider; @@ -47,7 +45,7 @@ public SamlLogoutDownLogic(TelemetryScopedLogger logger, IServiceProvider servic this.saml2ConfigurationLogic = saml2ConfigurationLogic; this.claimTransformLogic = claimTransformLogic; this.samlClaimsDownLogic = samlClaimsDownLogic; - this.claimsDownLogic = claimsDownLogic; + this.claimsOAuthDownLogic = claimsOAuthDownLogic; this.singleLogoutDownLogic = singleLogoutDownLogic; } @@ -111,21 +109,23 @@ await sequenceLogic.SaveSequenceDataAsync(new SamlDownSequenceData RelayState = binding.RelayState }); - var toUpPartie = await hrdLogic.GetUpPartyAndDeleteHrdSelectionAsync(); - logger.ScopeTrace(() => $"Request, Up type '{toUpPartie.Type}'."); - switch (toUpPartie.Type) + var toUpParty = await hrdLogic.GetUpPartyAndDeleteHrdSelectionAsync(); + logger.ScopeTrace(() => $"Request, Up type '{toUpParty.Type}'."); + switch (toUpParty.Type) { case PartyTypes.Login: - return await serviceProvider.GetService().LogoutRedirect(toUpPartie, GetLogoutRequest(party, saml2LogoutRequest)); + return await serviceProvider.GetService().LogoutRedirect(toUpParty, GetLogoutRequest(party, saml2LogoutRequest)); case PartyTypes.OAuth2: throw new NotImplementedException(); case PartyTypes.Oidc: - return await serviceProvider.GetService>().EndSessionRequestRedirectAsync(toUpPartie, GetLogoutRequest(party, saml2LogoutRequest)); + return await serviceProvider.GetService>().EndSessionRequestRedirectAsync(toUpParty, GetLogoutRequest(party, saml2LogoutRequest)); case PartyTypes.Saml2: - return await serviceProvider.GetService().LogoutRequestRedirectAsync(toUpPartie, GetSamlLogoutRequest(party, saml2LogoutRequest)); + return await serviceProvider.GetService().LogoutRequestRedirectAsync(toUpParty, GetSamlLogoutRequest(party, saml2LogoutRequest)); + case PartyTypes.TrackLink: + return await serviceProvider.GetService().LogoutRequestRedirectAsync(toUpParty, GetLogoutRequest(party, saml2LogoutRequest)); default: - throw new NotSupportedException($"Party type '{toUpPartie.Type}' not supported."); + throw new NotSupportedException($"Party type '{toUpParty.Type}' not supported."); } } catch (SamlRequestException ex) @@ -148,23 +148,12 @@ private LogoutRequest GetLogoutRequest(SamlDownParty party, Saml2LogoutRequest s private LogoutRequest GetSamlLogoutRequest(SamlDownParty party, Saml2LogoutRequest saml2LogoutRequest) { - var samlClaims = new List(); - if (saml2LogoutRequest.NameId != null) - { - samlClaims.AddClaim(Saml2ClaimTypes.NameId, saml2LogoutRequest.NameId.Value); - - if (saml2LogoutRequest.NameId.Format != null) - { - samlClaims.AddClaim(Saml2ClaimTypes.NameIdFormat, saml2LogoutRequest.NameId.Format.OriginalString); - } - } return new LogoutRequest { DownPartyLink = new DownPartySessionLink { SupportSingleLogout = !string.IsNullOrWhiteSpace(party.SingleLogoutUrl), Id = party.Id, Type = party.Type }, SessionId = saml2LogoutRequest.SessionIndex, RequireLogoutConsent = false, - PostLogoutRedirect = true, - Claims = samlClaims, + PostLogoutRedirect = true }; } @@ -258,7 +247,7 @@ public async Task SingleLogoutRequestAsync(string partyId, Single return await singleLogoutDownLogic.HandleSingleLogoutAsync(sequenceData); } - var claims = await claimsDownLogic.FromJwtToSamlClaimsAsync(sequenceData.Claims.ToClaimList()); + var claims = await claimsOAuthDownLogic.FromJwtToSamlClaimsAsync(sequenceData.Claims.ToClaimList()); switch (party.LogoutBinding.RequestBinding) { diff --git a/src/FoxIDs/Logic/Saml/SamlLogoutUpLogic.cs b/src/FoxIDs/Logic/Saml/SamlLogoutUpLogic.cs index 82c89cad9..61d25d21c 100644 --- a/src/FoxIDs/Logic/Saml/SamlLogoutUpLogic.cs +++ b/src/FoxIDs/Logic/Saml/SamlLogoutUpLogic.cs @@ -61,8 +61,7 @@ await sequenceLogic.SaveSequenceDataAsync(new SamlUpSequenceData UpPartyId = partyId, SessionId = logoutRequest.SessionId, RequireLogoutConsent = logoutRequest.RequireLogoutConsent, - PostLogoutRedirect = logoutRequest.PostLogoutRedirect, - Claims = logoutRequest.Claims.ToClaimAndValues() + PostLogoutRedirect = logoutRequest.PostLogoutRedirect }); return HttpContext.GetUpPartyUrl(partyLink.Name, Constants.Routes.SamlUpJumpController, Constants.Endpoints.UpJump.LogoutRequest, includeSequence: true, partyBindingPattern: party.PartyBindingPattern).ToRedirectResult(); @@ -314,6 +313,15 @@ private async Task LogoutResponseDownAsync(SamlUpSequenceData seq } case PartyTypes.Saml2: return await serviceProvider.GetService().LogoutResponseAsync(sequenceData.DownPartyLink.Id, status, sequenceData.SessionId); + case PartyTypes.TrackLink: + if (status == Saml2StatusCodes.Success) + { + return await serviceProvider.GetService().LogoutResponseAsync(sequenceData.DownPartyLink.Id); + } + else + { + throw new StopSequenceException($"SAML up Logout failed, Status '{status}', Name '{RouteBinding.UpParty.Name}'."); + } default: throw new NotSupportedException(); diff --git a/src/FoxIDs/Logic/Saml/SamlMetadataExposeLogic.cs b/src/FoxIDs/Logic/Saml/SamlMetadataExposeLogic.cs index 3c621b439..d7971cf59 100644 --- a/src/FoxIDs/Logic/Saml/SamlMetadataExposeLogic.cs +++ b/src/FoxIDs/Logic/Saml/SamlMetadataExposeLogic.cs @@ -10,12 +10,11 @@ using System; using System.Security.Cryptography.X509Certificates; using System.Threading.Tasks; -using UrlCombineLib; +using ITfoxtec.Identity.Util; using FoxIDs.Models.Config; using System.Collections.Generic; using ITfoxtec.Identity; using System.Linq; -using static Microsoft.ApplicationInsights.MetricDimensionNames.TelemetryContext; namespace FoxIDs.Logic { diff --git a/src/FoxIDs/Logic/SequenceLogic.cs b/src/FoxIDs/Logic/SequenceLogic.cs index 351a84b7f..a386e2767 100644 --- a/src/FoxIDs/Logic/SequenceLogic.cs +++ b/src/FoxIDs/Logic/SequenceLogic.cs @@ -114,7 +114,7 @@ public Task TryReadSequenceAsync(string sequenceString) { if (!sequenceString.IsNullOrWhiteSpace()) { - sequenceString.ValidateMaxLength(Constants.Sequence.MaxLength, nameof(sequenceString), nameof(ValidateSequenceAsync)); + sequenceString.ValidateMaxLength(Constants.Sequence.MaxLength, nameof(sequenceString), nameof(TryReadSequenceAsync)); try { @@ -131,10 +131,10 @@ public Task TryReadSequenceAsync(string sequenceString) return Task.FromResult(null); } - public async Task ValidateSequenceAsync(string sequenceString, bool setValid = false) + public async Task ValidateAndSetSequenceAsync(string sequenceString, bool setValid = false) { if (sequenceString.IsNullOrWhiteSpace()) throw new ArgumentNullException(nameof(sequenceString)); - sequenceString.ValidateMaxLength(Constants.Sequence.MaxLength, nameof(sequenceString), nameof(ValidateSequenceAsync)); + sequenceString.ValidateMaxLength(Constants.Sequence.MaxLength, nameof(sequenceString), nameof(ValidateAndSetSequenceAsync)); try { @@ -159,8 +159,36 @@ public async Task ValidateSequenceAsync(string sequenceString, bool setValid = f } } - public async Task SaveSequenceDataAsync(T data, Sequence sequence = null) where T : ISequenceData + public async Task ValidateSequenceAsync(string sequenceString, string trackName = null) { + if (sequenceString.IsNullOrWhiteSpace()) throw new ArgumentNullException(nameof(sequenceString)); + sequenceString.ValidateMaxLength(Constants.Sequence.MaxLength, nameof(sequenceString), nameof(ValidateAndSetSequenceAsync)); + + try + { + var sequence = await Task.FromResult(CreateProtector(trackName).Unprotect(sequenceString).ToObject()); + CheckTimeout(sequence); + + logger.ScopeTrace(() => $"Sequence is validated, id '{sequence.Id}'."); + return sequence; + } + catch (SequenceException) + { + throw; + } + catch (Exception ex) + { + throw new SequenceException("Invalid sequence.", ex); + } + } + + public async Task SaveSequenceDataAsync(T data, Sequence sequence = null, string trackName = null, bool setKeyValidUntil = false) where T : ISequenceData + { + if (setKeyValidUntil && data is ISequenceKey keyData) + { + keyData.KeyValidUntil = DateTimeOffset.UtcNow.AddSeconds(settings.KeySequenceLifetime).ToUnixTimeSeconds(); + } + await data.ValidateObjectAsync(); sequence = sequence ?? HttpContext.GetSequence(); @@ -169,19 +197,19 @@ public async Task SaveSequenceDataAsync(T data, Sequence sequence = null) { AbsoluteExpiration = absoluteExpiration }; - await distributedCache.SetStringAsync(DataKey(typeof(T), sequence), data.ToJson(), options); + await distributedCache.SetStringAsync(DataKey(typeof(T), sequence, trackName), data.ToJson(), options); return data; } - public async Task GetSequenceDataAsync(bool remove = true, bool allowNull = false) where T : ISequenceData + public async Task GetSequenceDataAsync(bool remove = true, bool allowNull = false, Sequence sequence = null, string trackName = null) where T : ISequenceData { - var sequence = HttpContext.GetSequence(allowNull); + sequence = sequence ?? HttpContext.GetSequence(allowNull); if(allowNull && sequence == null) { return default; } - var key = DataKey(typeof(T), sequence); + var key = DataKey(typeof(T), sequence, trackName); var data = await distributedCache.GetStringAsync(key); if(data == null) { @@ -203,6 +231,27 @@ public async Task GetSequenceDataAsync(bool remove = true, bool allowNull return data.ToObject(); } + public async Task ValidateKeySequenceDataAsync(Sequence sequence, string trackName, bool remove = true) where T : ISequenceKey + { + var keySequenceData = await GetSequenceDataAsync(remove: remove, sequence: sequence, trackName: trackName); + + if (keySequenceData.KeyUsed) + { + throw new SequenceException($"Key sequence is used, id '{sequence.Id}'."); + } + if (!(keySequenceData.KeyValidUntil > 0) || DateTimeOffset.FromUnixTimeSeconds(keySequenceData.KeyValidUntil) < DateTimeOffset.UtcNow) + { + throw new SequenceException($"Key sequence timeout, id '{sequence.Id}'."); + } + + if (!remove) + { + keySequenceData.KeyUsed = true; + await SaveSequenceDataAsync(keySequenceData, sequence: sequence, trackName: trackName); + } + return keySequenceData; + } + public async Task RemoveSequenceDataAsync() where T : ISequenceData { var sequence = HttpContext.GetSequence(); @@ -215,16 +264,16 @@ private Task CreateSequenceStringAsync(Sequence sequence) return Task.FromResult(CreateProtector().Protect(sequence.ToJson())); } - private string DataKey(Type type, Sequence sequence) + private string DataKey(Type type, Sequence sequence, string trackName = null) { var routeBinding = HttpContext.GetRouteBinding(); - return $"{routeBinding.TenantName}.{routeBinding.TrackName}.seq.{type.Name.ToLower()}.{sequence.Id}.{sequence.CreateTime}"; + return $"{routeBinding.TenantName}.{trackName ?? routeBinding.TrackName}.seq.{type.Name.ToLower()}.{sequence.Id}.{sequence.CreateTime}"; } - private IDataProtector CreateProtector() + private IDataProtector CreateProtector(string trackName = null) { var routeBinding = HttpContext.GetRouteBinding(); - return dataProtectionProvider.CreateProtector(new[] { routeBinding.TenantName, routeBinding.TrackName, typeof(SequenceLogic).Name }); + return dataProtectionProvider.CreateProtector(new[] { routeBinding.TenantName, trackName ?? routeBinding.TrackName, typeof(SequenceLogic).Name }); } private void CheckTimeout(Sequence sequence) diff --git a/src/FoxIDs/Logic/Tracks/ClaimValidationLogic.cs b/src/FoxIDs/Logic/Tracks/ClaimValidationLogic.cs new file mode 100644 index 000000000..a8f796587 --- /dev/null +++ b/src/FoxIDs/Logic/Tracks/ClaimValidationLogic.cs @@ -0,0 +1,52 @@ +using ITfoxtec.Identity; +using Microsoft.AspNetCore.Http; +using System; +using System.Collections.Generic; +using System.Linq; +using System.Security.Claims; + +namespace FoxIDs.Logic +{ + public class ClaimValidationLogic : LogicSequenceBase + { + public ClaimValidationLogic(IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor) + { } + + public List ValidateUpPartyClaims(List upPartyClaims, List claims) + { + var acceptAllClaims = upPartyClaims?.Where(c => c == "*")?.Count() > 0; + if (acceptAllClaims) + { + claims = claims.Where(c => !Constants.DefaultClaims.ExcludeJwtTokenUpParty.Any(ic => ic == c.Type)).ToList(); + } + else + { + var acceptedClaims = Constants.DefaultClaims.JwtTokenUpParty.ConcatOnce(upPartyClaims).Where(c => !Constants.DefaultClaims.ExcludeJwtTokenUpParty.Contains(c)); + claims = claims.Where(c => acceptedClaims.Any(ic => ic == c.Type)).ToList(); + } + foreach (var claim in claims) + { + if (claim.Type?.Length > Constants.Models.Claim.JwtTypeLength) + { + throw new OAuthRequestException($"Claim '{claim.Type.Substring(0, Constants.Models.Claim.JwtTypeLength)}' is too long, maximum length of '{Constants.Models.Claim.JwtTypeLength}'.") { RouteBinding = RouteBinding, Error = IdentityConstants.ResponseErrors.InvalidToken }; + } + + if (Constants.EmbeddedJwtToken.JwtTokenClaims.Any(claim.Type.Contains)) + { + if (claim.Value?.Length > Constants.EmbeddedJwtToken.ValueLength) + { + throw new OAuthRequestException($"Claim '{claim.Type}' value is too long, maximum length of '{Constants.EmbeddedJwtToken.ValueLength}'.") { RouteBinding = RouteBinding, Error = IdentityConstants.ResponseErrors.InvalidToken }; + } + } + else + { + if (claim.Value?.Length > Constants.Models.Claim.ValueLength) + { + throw new OAuthRequestException($"Claim '{claim.Type}' value is too long, maximum length of '{Constants.Models.Claim.ValueLength}'.") { RouteBinding = RouteBinding, Error = IdentityConstants.ResponseErrors.InvalidToken }; + } + } + } + return claims; + } + } +} diff --git a/src/FoxIDs/Logic/Tracks/ClaimsDownLogic.cs b/src/FoxIDs/Logic/Tracks/ClaimsDownLogic.cs index 667c77808..59d8c3ed2 100644 --- a/src/FoxIDs/Logic/Tracks/ClaimsDownLogic.cs +++ b/src/FoxIDs/Logic/Tracks/ClaimsDownLogic.cs @@ -12,7 +12,7 @@ namespace FoxIDs.Logic { - public class ClaimsDownLogic : LogicSequenceBase where TClient : OAuthDownClient where TScope : OAuthDownScope where TClaim : OAuthDownClaim + public class ClaimsDownLogic : LogicSequenceBase { private readonly TelemetryScopedLogger logger; @@ -21,100 +21,46 @@ public ClaimsDownLogic(TelemetryScopedLogger logger, IHttpContextAccessor httpCo this.logger = logger; } - public Task> FilterJwtClaimsAsync(TClient client, IEnumerable jwtClaims, IEnumerable selectedScopes, bool includeIdTokenClaims = false, bool includeAccessTokenClaims = false) + public Task> FilterJwtClaimsAsync(List filterClaimTypes, IEnumerable claims) { - if (!includeIdTokenClaims && !includeAccessTokenClaims) + if (claims == null) { - throw new ArgumentException($"{nameof(includeIdTokenClaims)} and {nameof(includeAccessTokenClaims)} can not be false at the same time."); + return Task.FromResult(new List(claims)); } - if (jwtClaims == null) - { - return Task.FromResult(new List(jwtClaims)); - } - - var filterClaimTypes = GetFilterJwtClaimTypes(client, selectedScopes, includeIdTokenClaims, includeAccessTokenClaims); var acceptAllClaims = filterClaimTypes.Where(c => c == "*").Count() > 0; if (acceptAllClaims) { - return Task.FromResult(TruncateJwtClaimValues(jwtClaims)); + return Task.FromResult(TruncateJwtClaimValues(claims)); } else { - var filterClaims = jwtClaims.Where(c => filterClaimTypes.Contains(c.Type)); - return Task.FromResult(TruncateJwtClaimValues(filterClaims)); + var filteredClaims = claims.Where(c => filterClaimTypes.Contains(c.Type)); + return Task.FromResult(TruncateJwtClaimValues(filteredClaims)); } } - private List GetFilterJwtClaimTypes(TClient client, IEnumerable selectedScopes, bool includeIdTokenClaims, bool includeAccessTokenClaims) + public List GetFilterClaimTypes(IEnumerable filterClaims, List filterClaimTypes = null) { - if(includeIdTokenClaims && !(client is OidcDownClient)) - { - throw new InvalidOperationException("Include ID Token claims only possible for OIDC Down Client."); - } + filterClaimTypes = filterClaimTypes ?? new List(); - var filterClaimTypes = new List(); - - if (includeIdTokenClaims) + var acceptAllClaims = filterClaims?.Where(c => c.Claim == "*")?.Count() > 0; + if (acceptAllClaims) { - var acceptAllIdTokenClaims = client.Claims?.Cast()?.Where(c => c.Claim == "*" && c.InIdToken)?.Count() > 0; - if (acceptAllIdTokenClaims) - { - filterClaimTypes.Add("*"); - return filterClaimTypes; - } - - filterClaimTypes = filterClaimTypes.ConcatOnce(client.Claims?.Cast().Where(c => c.InIdToken).Select(c => c.Claim)); - filterClaimTypes = filterClaimTypes.ConcatOnce(Constants.DefaultClaims.IdToken); + filterClaimTypes.Add("*"); } - if (includeAccessTokenClaims) + else { - - var acceptAllAccessTokenClaims = client.Claims?.Where(c => c.Claim == "*")?.Count() > 0; - if (acceptAllAccessTokenClaims) - { - filterClaimTypes.Add("*"); - return filterClaimTypes; - } - - filterClaimTypes = filterClaimTypes.ConcatOnce(client.Claims?.Select(c => c.Claim)); + filterClaimTypes = filterClaimTypes.ConcatOnce(filterClaims?.Select(c => c.Claim)); filterClaimTypes = filterClaimTypes.ConcatOnce(Constants.DefaultClaims.AccessToken); } - if (selectedScopes?.Count() > 0) - { - if (includeIdTokenClaims) - { - var idTokenVoluntaryClaims = (client as OidcDownClient).Scopes?.Where(s => s.VoluntaryClaims != null && selectedScopes.Any(ss => ss == s.Scope)).SelectMany(s => s.VoluntaryClaims).Where(c => c.InIdToken).Select(c => c.Claim).ToList(); - filterClaimTypes = filterClaimTypes.ConcatOnce(idTokenVoluntaryClaims); - } - if(includeAccessTokenClaims) - { - if(client is OidcDownClient) - { - var accessTokenVoluntaryClaims = (client as OidcDownClient).Scopes?.Where(s => s.VoluntaryClaims != null && selectedScopes.Any(ss => ss == s.Scope)).SelectMany(s => s.VoluntaryClaims).Select(c => c.Claim).ToList(); - filterClaimTypes = filterClaimTypes.ConcatOnce(accessTokenVoluntaryClaims); - } - else - { - var accessTokenVoluntaryClaims = client.Scopes?.Where(s => s.VoluntaryClaims != null && selectedScopes.Any(ss => ss == s.Scope)).SelectMany(s => s.VoluntaryClaims).Select(c => c.Claim).ToList(); - filterClaimTypes = filterClaimTypes.ConcatOnce(accessTokenVoluntaryClaims); - } - } - } - return filterClaimTypes; } - public List GetClientJwtClaims(TClient client, bool onlyIdTokenClaims = false) + public List GetClientJwtClaims(IEnumerable claims) { - var claims = client.Claims?.Where(c => c.Values?.Count() > 0); - - if (onlyIdTokenClaims) - { - claims = claims?.Cast().Where(c => c.InIdToken).Cast(); - } - + claims = claims?.Where(c => c.Values?.Count() > 0); return claims?.SelectMany(item => item.Values.Select(value => new Claim(item.Claim, value))).ToList(); } diff --git a/src/FoxIDs/Logic/Tracks/ClaimsOAuthDownLogic.cs b/src/FoxIDs/Logic/Tracks/ClaimsOAuthDownLogic.cs new file mode 100644 index 000000000..0a82c7b3b --- /dev/null +++ b/src/FoxIDs/Logic/Tracks/ClaimsOAuthDownLogic.cs @@ -0,0 +1,103 @@ +using ITfoxtec.Identity; +using ITfoxtec.Identity.Saml2.Claims; +using ITfoxtec.Identity.Saml2.Schemas; +using FoxIDs.Infrastructure; +using FoxIDs.Models; +using System; +using System.Collections.Generic; +using System.Linq; +using System.Security.Claims; +using System.Threading.Tasks; +using Microsoft.AspNetCore.Http; + +namespace FoxIDs.Logic +{ + public class ClaimsOAuthDownLogic : ClaimsDownLogic where TClient : OAuthDownClient where TScope : OAuthDownScope where TClaim : OAuthDownClaim + { + private readonly TelemetryScopedLogger logger; + + public ClaimsOAuthDownLogic(TelemetryScopedLogger logger, IHttpContextAccessor httpContextAccessor) : base(logger, httpContextAccessor) + { + this.logger = logger; + } + + public Task> FilterJwtClaimsAsync(TClient client, IEnumerable jwtClaims, IEnumerable selectedScopes, bool includeIdTokenClaims = false, bool includeAccessTokenClaims = false) + { + if (!includeIdTokenClaims && !includeAccessTokenClaims) + { + throw new ArgumentException($"{nameof(includeIdTokenClaims)} and {nameof(includeAccessTokenClaims)} can not be false at the same time."); + } + + if (jwtClaims == null) + { + return Task.FromResult(new List(jwtClaims)); + } + + var filterClaimTypes = GetFilterJwtClaimTypes(client, selectedScopes, includeIdTokenClaims, includeAccessTokenClaims); + return FilterJwtClaimsAsync(filterClaimTypes, jwtClaims); + } + + private List GetFilterJwtClaimTypes(TClient client, IEnumerable selectedScopes, bool includeIdTokenClaims, bool includeAccessTokenClaims) + { + if(includeIdTokenClaims && !(client is OidcDownClient)) + { + throw new InvalidOperationException("Include ID Token claims only possible for OIDC Down Client."); + } + + var filterClaimTypes = new List(); + + if (includeIdTokenClaims) + { + var acceptAllIdTokenClaims = client.Claims?.Cast()?.Where(c => c.Claim == "*" && c.InIdToken)?.Count() > 0; + if (acceptAllIdTokenClaims) + { + filterClaimTypes.Add("*"); + return filterClaimTypes; + } + + filterClaimTypes = filterClaimTypes.ConcatOnce(client.Claims?.Cast().Where(c => c.InIdToken).Select(c => c.Claim)); + filterClaimTypes = filterClaimTypes.ConcatOnce(Constants.DefaultClaims.IdToken); + } + if (includeAccessTokenClaims) + { + GetFilterClaimTypes(client.Claims?.Cast(), filterClaimTypes); + } + + if (selectedScopes?.Count() > 0) + { + if (includeIdTokenClaims) + { + var idTokenVoluntaryClaims = (client as OidcDownClient).Scopes?.Where(s => s.VoluntaryClaims != null && selectedScopes.Any(ss => ss == s.Scope)).SelectMany(s => s.VoluntaryClaims).Where(c => c.InIdToken).Select(c => c.Claim).ToList(); + filterClaimTypes = filterClaimTypes.ConcatOnce(idTokenVoluntaryClaims); + } + if(includeAccessTokenClaims) + { + if(client is OidcDownClient) + { + var accessTokenVoluntaryClaims = (client as OidcDownClient).Scopes?.Where(s => s.VoluntaryClaims != null && selectedScopes.Any(ss => ss == s.Scope)).SelectMany(s => s.VoluntaryClaims).Select(c => c.Claim).ToList(); + filterClaimTypes = filterClaimTypes.ConcatOnce(accessTokenVoluntaryClaims); + } + else + { + var accessTokenVoluntaryClaims = client.Scopes?.Where(s => s.VoluntaryClaims != null && selectedScopes.Any(ss => ss == s.Scope)).SelectMany(s => s.VoluntaryClaims).Select(c => c.Claim).ToList(); + filterClaimTypes = filterClaimTypes.ConcatOnce(accessTokenVoluntaryClaims); + } + } + } + + return filterClaimTypes; + } + + public List GetClientJwtClaims(TClient client, bool onlyIdTokenClaims = false) + { + var claims = client.Claims?.Where(c => c.Values?.Count() > 0); + + if (onlyIdTokenClaims) + { + claims = claims?.Cast().Where(c => c.InIdToken).Cast(); + } + + return claims?.SelectMany(item => item.Values.Select(value => new Claim(item.Claim, value))).ToList(); + } + } +} diff --git a/src/FoxIDs/Logic/Tracks/TrackKeyLogic.cs b/src/FoxIDs/Logic/Tracks/TrackKeyLogic.cs index 729018cfe..ecb9fb005 100644 --- a/src/FoxIDs/Logic/Tracks/TrackKeyLogic.cs +++ b/src/FoxIDs/Logic/Tracks/TrackKeyLogic.cs @@ -12,7 +12,7 @@ using Microsoft.Extensions.Logging; using Microsoft.IdentityModel.Tokens; using RSAKeyVaultProvider; -using UrlCombineLib; +using ITfoxtec.Identity.Util; namespace FoxIDs.Logic { diff --git a/src/FoxIDs/Models/Config/FoxIDsSettings.cs b/src/FoxIDs/Models/Config/FoxIDsSettings.cs index 357e6a5f6..42bd38611 100644 --- a/src/FoxIDs/Models/Config/FoxIDsSettings.cs +++ b/src/FoxIDs/Models/Config/FoxIDsSettings.cs @@ -43,6 +43,12 @@ public class FoxIDsSettings : Settings [Required] public int AccountActionSequenceLifetime { get; set; } + /// + /// Key sequence lifetime in seconds. + /// + [Required] + public int KeySequenceLifetime { get; set; } = 30; + /// /// Confirmation code lifetime in seconds, send in email. /// diff --git a/src/FoxIDs/Models/Logic/LogoutRequest.cs b/src/FoxIDs/Models/Logic/LogoutRequest.cs index 45a209afe..150bf76d0 100644 --- a/src/FoxIDs/Models/Logic/LogoutRequest.cs +++ b/src/FoxIDs/Models/Logic/LogoutRequest.cs @@ -1,7 +1,5 @@ using FoxIDs.Models.Session; -using System.Collections.Generic; using System.ComponentModel.DataAnnotations; -using System.Security.Claims; namespace FoxIDs.Models.Logic { @@ -14,8 +12,6 @@ public class LogoutRequest public bool RequireLogoutConsent { get; set; } - public bool PostLogoutRedirect { get; set; } - - public List Claims { get; set; } + public bool PostLogoutRedirect { get; set; } } } diff --git a/src/FoxIDs/Models/Sequences/ISequenceKey.cs b/src/FoxIDs/Models/Sequences/ISequenceKey.cs new file mode 100644 index 000000000..7cf88d83b --- /dev/null +++ b/src/FoxIDs/Models/Sequences/ISequenceKey.cs @@ -0,0 +1,15 @@ +using System.Collections.Generic; + +namespace FoxIDs.Models.Sequences +{ + public interface ISequenceKey : ISequenceData + { + public string KeyName { get; set; } + + public List KeyNames { get; set; } + + long KeyValidUntil { get; set; } + + bool KeyUsed { get; set; } + } +} diff --git a/src/FoxIDs/Models/Sequences/TrackLinkDownSequenceData.cs b/src/FoxIDs/Models/Sequences/TrackLinkDownSequenceData.cs new file mode 100644 index 000000000..4e4b2228b --- /dev/null +++ b/src/FoxIDs/Models/Sequences/TrackLinkDownSequenceData.cs @@ -0,0 +1,51 @@ +using Newtonsoft.Json; +using System; +using System.Collections.Generic; +using System.ComponentModel.DataAnnotations; +using System.Linq; + +namespace FoxIDs.Models.Sequences +{ + public class TrackLinkDownSequenceData : ISequenceKey + { + [JsonIgnore] + public string KeyName + { + get + { + if(KeyNames.Count() != 1) + { + throw new Exception("KeyNames do not contain exactly one element."); + } + return KeyNames.First(); + } + set + { + KeyNames = new List { value }; + } + } + + [Required] + [JsonProperty(PropertyName = "kns")] + public List KeyNames { get; set; } + + [JsonProperty(PropertyName = "kvu")] + public long KeyValidUntil { get; set; } + + [JsonProperty(PropertyName = "ku")] + public bool KeyUsed { get; set; } + + [JsonProperty(PropertyName = "uss")] + public string UpPartySequenceString { get; set; } + + [JsonProperty(PropertyName = "c")] + public IEnumerable Claims { get; set; } + + [JsonProperty(PropertyName = "e")] + public string Error { get; set; } + + [JsonProperty(PropertyName = "ed")] + public string ErrorDescription { get; set; } + + } +} diff --git a/src/FoxIDs/Models/Sequences/TrackLinkUpSequenceData.cs b/src/FoxIDs/Models/Sequences/TrackLinkUpSequenceData.cs new file mode 100644 index 000000000..d52b31fff --- /dev/null +++ b/src/FoxIDs/Models/Sequences/TrackLinkUpSequenceData.cs @@ -0,0 +1,51 @@ +using Newtonsoft.Json; +using System; +using System.Collections.Generic; +using System.ComponentModel.DataAnnotations; +using System.Linq; + +namespace FoxIDs.Models.Sequences +{ + public class TrackLinkUpSequenceData : UpSequenceData, ISequenceKey + { + [JsonIgnore] + public string KeyName + { + get + { + if (KeyNames.Count() != 1) + { + throw new Exception("KeyNames do not contain exactly one element."); + } + return KeyNames.First(); + } + set + { + KeyNames = new List { value }; + } + } + + [Required] + [JsonProperty(PropertyName = "kn2")] + public List KeyNames { get; set; } + + [JsonProperty(PropertyName = "kvu")] + public long KeyValidUntil { get; set; } + + [JsonProperty(PropertyName = "ku")] + public bool KeyUsed { get; set; } + + [JsonProperty(PropertyName = "dss")] + public string DownPartySequenceString { get; set; } + + [JsonProperty(PropertyName = "a")] + public IEnumerable Acr { get; set; } + + [MaxLength(200)] + [JsonProperty(PropertyName = "si")] + public string SessionId { get; set; } + + [JsonProperty(PropertyName = "lc")] + public bool RequireLogoutConsent { get; set; } + } +} diff --git a/src/FoxIDs/Models/ViewModels/DynamicElements/DynamicElementBase.cs b/src/FoxIDs/Models/ViewModels/DynamicElements/DynamicElementBase.cs new file mode 100644 index 000000000..d5f2d3344 --- /dev/null +++ b/src/FoxIDs/Models/ViewModels/DynamicElements/DynamicElementBase.cs @@ -0,0 +1,13 @@ +namespace FoxIDs.Models.ViewModels +{ + public class DynamicElementBase + { + public virtual string DField1 { get; set; } + + public virtual string DField2 { get; set; } + + public virtual string DField3 { get; set; } + + public bool Required { get; set; } + } +} diff --git a/src/FoxIDs/Models/ViewModels/DynamicElements/EmailAndPasswordDElement.cs b/src/FoxIDs/Models/ViewModels/DynamicElements/EmailAndPasswordDElement.cs new file mode 100644 index 000000000..ade11dc02 --- /dev/null +++ b/src/FoxIDs/Models/ViewModels/DynamicElements/EmailAndPasswordDElement.cs @@ -0,0 +1,26 @@ +using System.ComponentModel.DataAnnotations; + +namespace FoxIDs.Models.ViewModels +{ + public class EmailAndPasswordDElement : DynamicElementBase + { + [Required] + [MaxLength(Constants.Models.User.EmailLength)] + [EmailAddress] + [Display(Name = "Email")] + public override string DField1 { get; set; } + + [Required] + [MaxLength(Constants.Models.Track.PasswordLengthMax)] + [Display(Name = "Password")] + [DataType(DataType.Password)] + public override string DField2 { get; set; } + + [Required] + [MaxLength(Constants.Models.Track.PasswordLengthMax)] + [DataType(DataType.Password)] + [Display(Name = "Confirm password")] + [Compare(nameof(DField2))] + public override string DField3 { get; set; } + } +} diff --git a/src/FoxIDs/Models/ViewModels/DynamicElements/FamilyNameDElement.cs b/src/FoxIDs/Models/ViewModels/DynamicElements/FamilyNameDElement.cs new file mode 100644 index 000000000..862bf1fc7 --- /dev/null +++ b/src/FoxIDs/Models/ViewModels/DynamicElements/FamilyNameDElement.cs @@ -0,0 +1,11 @@ +using System.ComponentModel.DataAnnotations; + +namespace FoxIDs.Models.ViewModels +{ + public class FamilyNameDElement : DynamicElementBase + { + [MaxLength(Constants.Models.Claim.JwtTypeLength)] + [Display(Name = "Family name")] + public override string DField1 { get; set; } + } +} diff --git a/src/FoxIDs/Models/ViewModels/DynamicElements/GivenNameDElement.cs b/src/FoxIDs/Models/ViewModels/DynamicElements/GivenNameDElement.cs new file mode 100644 index 000000000..c09018115 --- /dev/null +++ b/src/FoxIDs/Models/ViewModels/DynamicElements/GivenNameDElement.cs @@ -0,0 +1,11 @@ +using System.ComponentModel.DataAnnotations; + +namespace FoxIDs.Models.ViewModels +{ + public class GivenNameDElement : DynamicElementBase + { + [MaxLength(Constants.Models.Claim.JwtTypeLength)] + [Display(Name = "Given name")] + public override string DField1 { get; set; } + } +} diff --git a/src/FoxIDs/Models/ViewModels/DynamicElements/IDynamicElement.cs b/src/FoxIDs/Models/ViewModels/DynamicElements/IDynamicElement.cs new file mode 100644 index 000000000..290215ff8 --- /dev/null +++ b/src/FoxIDs/Models/ViewModels/DynamicElements/IDynamicElement.cs @@ -0,0 +1,9 @@ +namespace FoxIDs.Models.ViewModels +{ + public interface IDynamicElement + { + string DField1 { get; set; } + string DField2 { get; set; } + string DField3 { get; set; } + } +} diff --git a/src/FoxIDs/Models/ViewModels/DynamicElements/NameDElement.cs b/src/FoxIDs/Models/ViewModels/DynamicElements/NameDElement.cs new file mode 100644 index 000000000..dfe82da9b --- /dev/null +++ b/src/FoxIDs/Models/ViewModels/DynamicElements/NameDElement.cs @@ -0,0 +1,11 @@ +using System.ComponentModel.DataAnnotations; + +namespace FoxIDs.Models.ViewModels +{ + public class NameDElement : DynamicElementBase + { + [MaxLength(Constants.Models.Claim.JwtTypeLength)] + [Display(Name = "Full name")] + public override string DField1 { get; set; } + } +} diff --git a/src/FoxIDs/Models/ViewModels/Login/CreateUserViewModel.cs b/src/FoxIDs/Models/ViewModels/Login/CreateUserViewModel.cs index 4322b0623..3c8ec0295 100644 --- a/src/FoxIDs/Models/ViewModels/Login/CreateUserViewModel.cs +++ b/src/FoxIDs/Models/ViewModels/Login/CreateUserViewModel.cs @@ -1,4 +1,5 @@ -using System.ComponentModel.DataAnnotations; +using System.Collections.Generic; +using System.ComponentModel.DataAnnotations; namespace FoxIDs.Models.ViewModels { @@ -7,30 +8,6 @@ public class CreateUserViewModel : ViewModel public string SequenceString { get; set; } [Required] - [MaxLength(Constants.Models.User.EmailLength)] - [EmailAddress] - [Display(Name = "Email")] - public string Email { get; set; } - - [Required] - [MaxLength(Constants.Models.Track.PasswordLengthMax)] - [Display(Name = "Password")] - [DataType(DataType.Password)] - public string Password { get; set; } - - [Required] - [MaxLength(Constants.Models.Track.PasswordLengthMax)] - [DataType(DataType.Password)] - [Display(Name = "Confirm password")] - [Compare(nameof(Password))] - public string ConfirmPassword { get; set; } - - [MaxLength(Constants.Models.Claim.JwtTypeLength)] - [Display(Name = "Given name")] - public string GivenName { get; set; } - - [MaxLength(Constants.Models.Claim.JwtTypeLength)] - [Display(Name = "Family name")] - public string FamilyName { get; set; } + public List Elements { get; set; } } } diff --git a/src/FoxIDs/Views/Login/CreateUser.cshtml b/src/FoxIDs/Views/Login/CreateUser.cshtml index b4b0e3a0c..0c07da5d6 100644 --- a/src/FoxIDs/Views/Login/CreateUser.cshtml +++ b/src/FoxIDs/Views/Login/CreateUser.cshtml @@ -10,33 +10,44 @@
      + + +
      -
      - - - -
      -
      - - - -
      -
      - - - -
      -
      - - - -
      -
      - - - -
      + @for(var i = 0; i < Model.Elements.Count(); i++) + { + if (Model.Elements[i] is EmailAndPasswordDElement) + { +
      + @Html.GetEmailControl($"Elements[{i}].DField1", Model.Elements[i].DField1, isRequired: true) +
      +
      + @Html.GetPasswordControl($"Elements[{i}].DField2", Model.Elements[i].DField2, isRequired: true) +
      +
      + @Html.GetConfirmPasswordControl($"Elements[{i}].DField3", Model.Elements[i].DField3, $"Elements[{i}].DField2", isRequired: true) +
      + } + else if (Model.Elements[i] is NameDElement) + { +
      + @Html.GetNameControl($"Elements[{i}].DField1", Model.Elements[i].DField1, isRequired: Model.Elements[i].Required) +
      + } + else if (Model.Elements[i] is GivenNameDElement) + { +
      + @Html.GetGivenNameControl($"Elements[{i}].DField1", Model.Elements[i].DField1, isRequired: Model.Elements[i].Required) +
      + } + else if (Model.Elements[i] is FamilyNameDElement) + { +
      + @Html.GetFamilyNameControl($"Elements[{i}].DField1", Model.Elements[i].DField1, isRequired: Model.Elements[i].Required) +
      + } + }
      diff --git a/src/FoxIDs/Views/Login/Identifier.cshtml b/src/FoxIDs/Views/Login/Identifier.cshtml index 32942a77e..ad148ec95 100644 --- a/src/FoxIDs/Views/Login/Identifier.cshtml +++ b/src/FoxIDs/Views/Login/Identifier.cshtml @@ -36,9 +36,19 @@ @if (Model.UpPatries?.Count() > 0) { -
      + @if (Model.ShowEmailSelection) + { +
      + }
      - @Localizer["OR select where to log in"] + @if (Model.ShowEmailSelection) + { + @Localizer["OR select where to log in"] + } + else + { + @Localizer["Select where to log in"] + }
      @if (Model.UpPatries.Count() > 10) { diff --git a/test/FoxIDs.UnitTests/FoxIDs.UnitTests.csproj b/test/FoxIDs.UnitTests/FoxIDs.UnitTests.csproj index f11846c16..4738c0244 100644 --- a/test/FoxIDs.UnitTests/FoxIDs.UnitTests.csproj +++ b/test/FoxIDs.UnitTests/FoxIDs.UnitTests.csproj @@ -6,11 +6,11 @@ - + - - - + + + all diff --git a/tools/FoxIDs.SeedTool/FoxIDs.SeedTool.csproj b/tools/FoxIDs.SeedTool/FoxIDs.SeedTool.csproj index d3f08f461..b162ee808 100644 --- a/tools/FoxIDs.SeedTool/FoxIDs.SeedTool.csproj +++ b/tools/FoxIDs.SeedTool/FoxIDs.SeedTool.csproj @@ -10,7 +10,7 @@ - + diff --git a/tools/FoxIDs.SeedTool/Infrastructure/StartupConfigure.cs b/tools/FoxIDs.SeedTool/Infrastructure/StartupConfigure.cs index c638821f0..7be02c858 100644 --- a/tools/FoxIDs.SeedTool/Infrastructure/StartupConfigure.cs +++ b/tools/FoxIDs.SeedTool/Infrastructure/StartupConfigure.cs @@ -10,7 +10,7 @@ using System; using System.Net.Http; using System.IO; -using UrlCombineLib; +using ITfoxtec.Identity.Util; using ITfoxtec.Identity.Helpers; namespace FoxIDs.SeedTool.Infrastructure diff --git a/tools/FoxIDs.SeedTool/Model/RiskPasswordDeleteApiModel.cs b/tools/FoxIDs.SeedTool/Model/RiskPasswordDeleteApiModel.cs new file mode 100644 index 000000000..1b59b35ba --- /dev/null +++ b/tools/FoxIDs.SeedTool/Model/RiskPasswordDeleteApiModel.cs @@ -0,0 +1,9 @@ +using System.Collections.Generic; + +namespace FoxIDs.SeedTool.Model +{ + public class RiskPasswordDeleteApiModel + { + public List PasswordSha1Hashs { get; set; } + } +} diff --git a/tools/FoxIDs.SeedTool/Model/SeedSettings.cs b/tools/FoxIDs.SeedTool/Model/SeedSettings.cs index 3f05644b5..4ebcda5c8 100644 --- a/tools/FoxIDs.SeedTool/Model/SeedSettings.cs +++ b/tools/FoxIDs.SeedTool/Model/SeedSettings.cs @@ -1,6 +1,5 @@ -using FoxIDs.Models.Config; -using System.ComponentModel.DataAnnotations; -using UrlCombineLib; +using System.ComponentModel.DataAnnotations; +using ITfoxtec.Identity.Util; namespace FoxIDs.SeedTool.Model { diff --git a/tools/FoxIDs.SeedTool/Program.cs b/tools/FoxIDs.SeedTool/Program.cs index 86180012d..7c87dd5af 100644 --- a/tools/FoxIDs.SeedTool/Program.cs +++ b/tools/FoxIDs.SeedTool/Program.cs @@ -21,6 +21,7 @@ static async Task MainAsync(string[] args) Console.WriteLine("Select seed action"); Console.WriteLine("P: Upload risk passwords"); + Console.WriteLine("A: Delete all risk passwords"); var key = Console.ReadKey(); Console.WriteLine(string.Empty); @@ -31,22 +32,23 @@ static async Task MainAsync(string[] args) case 'p': await serviceProvider.GetService().SeedAsync(); break; + case 'a': + await serviceProvider.GetService().DeleteAllAsync(); + break; default: Console.WriteLine("Canceled"); break; } - -#if !DEBUG - Console.WriteLine(string.Empty); - Console.WriteLine("Click any key to end..."); - Console.ReadKey(); -#endif } catch (Exception ex) { - Console.WriteLine($"Error: {ex.ToString()}"); + Console.WriteLine($"Error: {ex}"); } + + Console.WriteLine(string.Empty); + Console.WriteLine("Click any key to end..."); + Console.ReadKey(); } } } diff --git a/tools/FoxIDs.SeedTool/SeedLogic/RiskPasswordSeedLogic.cs b/tools/FoxIDs.SeedTool/SeedLogic/RiskPasswordSeedLogic.cs index 142ffe735..9d7f0c8d2 100644 --- a/tools/FoxIDs.SeedTool/SeedLogic/RiskPasswordSeedLogic.cs +++ b/tools/FoxIDs.SeedTool/SeedLogic/RiskPasswordSeedLogic.cs @@ -4,17 +4,19 @@ using System; using System.Collections.Generic; using System.IO; +using System.Linq; using System.Net.Http; using System.Net.Http.Headers; using System.Threading.Tasks; -using UrlCombineLib; +using ITfoxtec.Identity.Util; namespace FoxIDs.SeedTool.SeedLogic { public class RiskPasswordSeedLogic { - private const int riskPasswordMoreThenBreachesCount = 100; - private const int uploadRiskPasswordBlokSize = 10000; + private const int maxRiskPasswordToUpload = 500000; + private const int riskPasswordMoreThenBreachesCount = 1000; + private const int uploadRiskPasswordBlockSize = 1000; private readonly SeedSettings settings; private readonly IHttpClientFactory httpClientFactory; private readonly AccessLogic accessLogic; @@ -27,45 +29,102 @@ public RiskPasswordSeedLogic(SeedSettings settings, IHttpClientFactory httpClien } public string PasswordRiskListApiEndpoint => UrlCombine.Combine(settings.FoxIDsMasterControlApiEndpoint, "!riskpassword"); + public string PasswordRiskFirstListApiEndpoint => UrlCombine.Combine(settings.FoxIDsMasterControlApiEndpoint, "!riskpasswordfirst"); public async Task SeedAsync() { - Console.WriteLine("Uploading risk passwords"); - var totalCount = 0; + Console.Write("Uploading risk passwords"); + var addCount = 0; + var readCount = 0; var riskPasswords = new List(); using (var streamReader = File.OpenText(settings.PwnedPasswordsPath)) { - var i = 0; while (streamReader.Peek() >= 0) { - i++; var split = streamReader.ReadLine().Split(':'); var breachesCount = Convert.ToInt32(split[1]); + readCount++; if (breachesCount >= riskPasswordMoreThenBreachesCount) { - riskPasswords.Add(new RiskPasswordApiModel { PasswordSha1Hash = split[0], Count = breachesCount }); - if (riskPasswords.Count >= uploadRiskPasswordBlokSize) + var index = riskPasswords.FindLastIndex(p => p.Count >= breachesCount); + if (index < maxRiskPasswordToUpload) { - totalCount += riskPasswords.Count; - await SavePasswordsRiskListAsync(await accessLogic.GetAccessTokenAsync(), riskPasswords); - Console.WriteLine($"Risk passwords uploaded '{totalCount}', last breaches count '{breachesCount}'"); - riskPasswords = new List(); + if (riskPasswords.Where(p => p.PasswordSha1Hash == split[0]).Any()) + { + Console.WriteLine($"{Environment.NewLine}Risk password SHA1 hash '{split[0]}' already read."); + } + else + { + riskPasswords.Insert(index + 1, new RiskPasswordApiModel { PasswordSha1Hash = split[0], Count = breachesCount }); + addCount++; + if (addCount % 1000 == 0) + { + Console.Write($"{Environment.NewLine}Risk passwords read '{readCount}'"); + } + else if (addCount % 100 == 0) + { + Console.Write("."); + } + } + } + + if (riskPasswords.Count() > maxRiskPasswordToUpload) + { + riskPasswords.RemoveAt(riskPasswords.Count() - 1); } } - else - { - break; - } } } - if (riskPasswords.Count > 0) + Console.WriteLine($"{Environment.NewLine}Risk passwords total read '{readCount}', total ready for upload '{riskPasswords.Count()}'"); + await UploadAsync(riskPasswords); + Console.WriteLine("All risk passwords uploaded"); + } + + private async Task UploadAsync(List riskPasswords) + { + var totalCount = 0; + var riskPasswordsBlock = new List(); + foreach(var riskPassword in riskPasswords) + { + riskPasswordsBlock.Add(riskPassword); + if (riskPasswordsBlock.Count >= uploadRiskPasswordBlockSize) + { + totalCount += riskPasswordsBlock.Count; + await SavePasswordsRiskListAsync(await accessLogic.GetAccessTokenAsync(), riskPasswordsBlock); + Console.WriteLine($"Risk passwords uploaded '{totalCount}'"); + riskPasswordsBlock = new List(); + } + } + + if (riskPasswordsBlock.Count > 0) + { + totalCount += riskPasswordsBlock.Count; + Console.WriteLine($"Uploading the last risk passwords '{totalCount}'"); + await SavePasswordsRiskListAsync(await accessLogic.GetAccessTokenAsync(), riskPasswordsBlock); + } + } + + public async Task DeleteAllAsync() + { + Console.WriteLine("Delete all risk passwords"); + var totalCount = 0; + while (true) { - Console.WriteLine("Uploading the last risk passwords"); - await SavePasswordsRiskListAsync(await accessLogic.GetAccessTokenAsync(), riskPasswords); + var riskPasswords = await GetPasswordsRiskFirstListAsync(await accessLogic.GetAccessTokenAsync()); + if(riskPasswords?.Count > 0) + { + totalCount = totalCount + riskPasswords.Count(); + await DeletePasswordsRiskListAsync(await accessLogic.GetAccessTokenAsync(), riskPasswords.Select(r => r.PasswordSha1Hash).ToList()); + Console.WriteLine($"Risk passwords deleted '{totalCount}'"); + } + else + { + break; + } } - Console.WriteLine($"All '{totalCount}' risk passwords uploaded"); + Console.WriteLine($"All '{totalCount}' risk passwords deleted"); } private async Task SavePasswordsRiskListAsync(string accessToken, List riskPasswords) @@ -75,5 +134,31 @@ private async Task SavePasswordsRiskListAsync(string accessToken, List> GetPasswordsRiskFirstListAsync(string accessToken) + { + var client = httpClientFactory.CreateClient(); + client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(IdentityConstants.TokenTypes.Bearer, accessToken); + using var response = await client.GetAsync(PasswordRiskFirstListApiEndpoint); + await response.ValidateResponseAsync(); + var result = await response.Content.ReadAsStringAsync(); + return result.ToObject>(); + } + + private async Task DeletePasswordsRiskListAsync(string accessToken, List passwordSha1Hashs) + { + var body = new RiskPasswordDeleteApiModel { PasswordSha1Hashs = passwordSha1Hashs }; + + var request = new HttpRequestMessage(); + request.Headers.Authorization = new AuthenticationHeaderValue(IdentityConstants.TokenTypes.Bearer, accessToken); + var content = new StringContent(Newtonsoft.Json.JsonConvert.SerializeObject(body)); + content.Headers.ContentType = MediaTypeHeaderValue.Parse("application/json"); + request.Content = content; + request.Method = new HttpMethod("DELETE"); + request.RequestUri = new Uri(PasswordRiskListApiEndpoint); + var client = httpClientFactory.CreateClient(); + using var response = await client.SendAsync(request, HttpCompletionOption.ResponseHeadersRead); + await response.ValidateResponseAsync(); + } } }