From 91858c6ae3635700506e705d119e1f5bd0a6e2d8 Mon Sep 17 00:00:00 2001
From: Artem Dudarev
Date: Fri, 13 Dec 2024 18:14:40 +0200
Subject: [PATCH] Fix refresh token after impersonation
---
 .../Controllers/Api/AuthorizationController.cs | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/VirtoCommerce.Platform.Web/Controllers/Api/AuthorizationController.cs b/src/VirtoCommerce.Platform.Web/Controllers/Api/AuthorizationController.cs
index 9498aa7bf7..ac37868b61 100644
--- a/src/VirtoCommerce.Platform.Web/Controllers/Api/AuthorizationController.cs
+++ b/src/VirtoCommerce.Platform.Web/Controllers/Api/AuthorizationController.cs
@@ -212,7 +212,11 @@ public async Task Exchange()
 // Create a new authentication ticket, but reuse the properties stored in the
 // authorization code/refresh token, including the scopes originally granted.
 var ticket = await CreateTicketAsync(user, context);
- ticket.Principal.SetAuthenticationMethod(info.Principal.GetAuthenticationMethod(), [Destinations.AccessToken]);
+
+ var destinations = new[] { Destinations.AccessToken };
+ CopyClaim(info.Principal, ticket.Principal, ClaimTypes.AuthenticationMethod, destinations);
+ CopyClaim(info.Principal, ticket.Principal, PlatformConstants.Security.Claims.OperatorUserId, destinations);
+ CopyClaim(info.Principal, ticket.Principal, PlatformConstants.Security.Claims.OperatorUserName, destinations);
 return SignIn(ticket.Principal, ticket.AuthenticationScheme);
 }
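Review bot: The new `CopyClaim(info.Principal, ticket.Principal, ClaimTypes.AuthenticationMethod, destinations)` may not carry over the same claim the removed `SetAuthenticationMethod(...)` line wrote: OpenIddict's `GetAuthenticationMethod()`/`SetAuthenticationMethod()` operate on its `amr` claim (`OpenIddictConstants.Claims.AuthenticationMethod`), whereas if `ClaimTypes` resolves to `System.Security.Claims.ClaimTypes` here the copied type is the WS-Federation URI and the refreshed access token would no longer carry `amr`; the using directives that decide this are outside the hunk, so please confirm, and prefer `Claims.AuthenticationMethod` if the OpenIddict constants are in scope (the unqualified `Destinations.AccessToken` on the same lines suggests they are). The `OperatorUserId`/`OperatorUserName` copies also run on every refresh, including non-impersonated sessions where `info.Principal` has no such claim, so `CopyClaim` (added in the `@@ -567` hunk) passes a null `value` to `SetClaimWithDestinations`; if that extension does not treat null as skip/remove, guard it with `if (string.IsNullOrEmpty(value)) { return; }`. On the positive side the operator claims are taken only from the validated refresh-token principal rather than from request parameters, which is the right source for the impersonation audit trail. `Exchange()` begins and continues outside this hunk.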
@@ -288,10 +292,8 @@ public async Task Exchange()
 }
 // Resolve Impersonator from claims or from current user
- var operatorUserId = string.IsNullOrEmpty(User.FindFirstValue(PlatformConstants.Security.Claims.OperatorUserId)) ?
- user.Id : User.FindFirstValue(PlatformConstants.Security.Claims.OperatorUserId);
- var operatorUserName = string.IsNullOrEmpty(User.FindFirstValue(PlatformConstants.Security.Claims.OperatorUserName)) ?
- user.UserName : User.FindFirstValue(PlatformConstants.Security.Claims.OperatorUserName);
+ var operatorUserId = User.FindFirstValue(PlatformConstants.Security.Claims.OperatorUserId)?.EmptyToNull() ?? user.Id;
+ var operatorUserName = User.FindFirstValue(PlatformConstants.Security.Claims.OperatorUserName)?.EmptyToNull() ?? user.UserName;
 var userId = openIdConnectRequest.GetParameter("user_id")?.Value?.ToString();
 ApplicationUser impersonatedUser;
@@ -567,6 +569,12 @@ public async Task Logout()
 }
+ private static void CopyClaim(ClaimsPrincipal source, ClaimsPrincipal target, string claimType, IList destinations)
+ {
+ var value = source.FindFirstValue(claimType);
+ target.SetClaimWithDestinations(claimType, value, destinations);
+ }
+
 private static bool RequestHasExpired(OpenIddictRequest request, AuthenticateResult result)
 {
 return request.MaxAge != null &&