PT-13919: SSO is reset to Password after some period. (#2708)

fix: SSO is reset to Password after some period by implementing SecurityStampValidatorOptions.OnRefreshingPrincipal
VirtoCommerce · Oct 13, 2023 · 2ea6b6d · 2ea6b6d
1 parent 66091d2
commit 2ea6b6d
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 0 deletions.
diff --git a/src/VirtoCommerce.Platform.Security/ConfigureSecurityStampValidatorOptions.cs b/src/VirtoCommerce.Platform.Security/ConfigureSecurityStampValidatorOptions.cs
@@ -0,0 +1,34 @@
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.Extensions.Options;
+using VirtoCommerce.Platform.Security.Extensions;
+
+namespace VirtoCommerce.Platform.Security
+{
+    public class ConfigureSecurityStampValidatorOptions : IConfigureOptions<SecurityStampValidatorOptions>
+    {
+        public void Configure(SecurityStampValidatorOptions options)
+        {
+            options.ValidationInterval = TimeSpan.FromMinutes(30);
+
+            // When refreshing the principal, ensure custom claims that
+            // might have been set with an external identity continue
+            // to flow through to this new one.
+            options.OnRefreshingPrincipal = refreshingPrincipal =>
+            {
+                var newIdentity = refreshingPrincipal.NewPrincipal?.Identities.First();
+                var currentIdentity = refreshingPrincipal.CurrentPrincipal?.Identities.First();
+
+                if (currentIdentity is not null)
+                {
+                    // Since this is refreshing an existing principal, we want to merge all claims.
+                    newIdentity?.MergeAllClaims(currentIdentity);
+                }
+
+                return Task.CompletedTask;
+            };
+        }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Security/Extensions/MergeClaimsIdentityExtensions.cs b/src/VirtoCommerce.Platform.Security/Extensions/MergeClaimsIdentityExtensions.cs
@@ -0,0 +1,17 @@
+using System.Linq;
+using System.Security.Claims;
+
+namespace VirtoCommerce.Platform.Security.Extensions
+{
+    public static class MergeClaimsIdentityExtensions
+    {
+        public static void MergeAllClaims(this ClaimsIdentity destination, ClaimsIdentity source)
+        {
+            foreach (var claim in source.Claims
+                         .Where(claim => !destination.HasClaim(claim.Type, claim.Value)))
+            {
+                destination.AddClaim(new Claim(claim.Type, claim.Value));
+            }
+        }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Web/Startup.cs b/src/VirtoCommerce.Platform.Web/Startup.cs
@@ -264,6 +264,8 @@ public void ConfigureServices(IServiceCollection services)
                 options.ClaimsIdentity.RoleClaimType = OpenIddictConstants.Claims.Role;
             });
 
+            services.ConfigureOptions<ConfigureSecurityStampValidatorOptions>();
+
             // Load server certificate (from DB or file) and register it as a global singleton
             // to allow the platform hosting under the cert
             ICertificateLoader certificateLoader;