warrenchen/member_center
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: warrenchen:02874677becfec51b44c91f84fac8f60af51a543
Branches Tags
warrenchen:master
warrenchen:develop
..
compare: warrenchen:f9a66dccad8e5d73d710b985cc73391df05d2196
Branches Tags
warrenchen:develop
warrenchen:master

4 Commits
02874677be ... f9a66dccad

Author SHA1 Message Date
Warren Chen
f9a66dccad Merge branch 'develop' of https://gitea.innovedus.com/warrenchen/member_center into develop 2026-04-23 00:50:25 +09:00
Warren Chen
5f32452263 Add auth resource registry for audience and scope mapping 2026-04-23 00:50:11 +09:00
Warren Chen
f1077d0801 Add MemberCenter test site and documentation 2026-04-23 00:30:09 +09:00
Warren Chen
8585190123 Add web login OAuth redirect flow 2026-04-23 00:15:53 +09:00
107 changed files with 77642 additions and 160 deletions
Show Stats Expand all files Collapse all files

7
MemberCenter.sln
View File

@ -17,6 +17,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MemberCenter.Installer", "s
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MemberCenter.Web", "src\MemberCenter.Web\MemberCenter.Web.csproj", "{91DF0CEA-698F-4DF5-A44C-89AB38AA2561}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MemberCenter.TestSite", "src\MemberCenter.TestSite\MemberCenter.TestSite.csproj", "{ABA4996C-B48F-444C-BEF2-83BDED5D74B2}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
@ -50,6 +52,10 @@ Global
{91DF0CEA-698F-4DF5-A44C-89AB38AA2561}.Debug|Any CPU.Build.0 = Debug|Any CPU
{91DF0CEA-698F-4DF5-A44C-89AB38AA2561}.Release|Any CPU.ActiveCfg = Release|Any CPU
{91DF0CEA-698F-4DF5-A44C-89AB38AA2561}.Release|Any CPU.Build.0 = Release|Any CPU
{ABA4996C-B48F-444C-BEF2-83BDED5D74B2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{ABA4996C-B48F-444C-BEF2-83BDED5D74B2}.Debug|Any CPU.Build.0 = Debug|Any CPU
{ABA4996C-B48F-444C-BEF2-83BDED5D74B2}.Release|Any CPU.ActiveCfg = Release|Any CPU
{ABA4996C-B48F-444C-BEF2-83BDED5D74B2}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(NestedProjects) = preSolution
{7733733D-22EB-431D-A8AA-833486C3E0E2} = {150D3A20-BF61-4012-BD40-05D408749112}
@ -58,5 +64,6 @@ Global
{051ECE48-E49B-4E42-BE08-6E9AAB7262BC} = {150D3A20-BF61-4012-BD40-05D408749112}
{5FAA2380-3354-4FC8-BDFE-2E31E8AD9EE2} = {150D3A20-BF61-4012-BD40-05D408749112}
{91DF0CEA-698F-4DF5-A44C-89AB38AA2561} = {150D3A20-BF61-4012-BD40-05D408749112}
{ABA4996C-B48F-444C-BEF2-83BDED5D74B2} = {150D3A20-BF61-4012-BD40-05D408749112}
EndGlobalSection
EndGlobal

2
README.md
View File

@ -45,6 +45,7 @@
- `docs/TECH_STACK.md`:技術棧與選型
- `docs/INSTALL.md`:安裝、初始化與維運指令
- `docs/MEMBER_UPGRADE_PLAN.md`會員中心下一階段升級規劃設定畫面、SMTP、Email 驗證、忘記密碼、角色分級)
- `docs/TEST_SITE.md`手動整合測試站說明API login、redirect login、會員 API happy path
## 專案結構
```text
@ -52,6 +53,7 @@ member_center/
├── src/
│ ├── MemberCenter.Api/ # REST APIOAuth/OIDC、訂閱、管理 API
│ ├── MemberCenter.Web/ # MVC Web UIclient-first 會員介面 + Areas/Admin 管理介面)
│ ├── MemberCenter.TestSite/ # 手動整合測試站API / redirect login happy path
│ ├── MemberCenter.Installer/ # 安裝與初始化 CLImigrate/init/admin
│ ├── MemberCenter.Application/ # 應用層介面與 DTO
│ ├── MemberCenter.Infrastructure/# EF Core、Identity、OpenIddict、服務實作

34
docs/DESIGN.md
View File

@ -62,7 +62,7 @@
- roles / user_roles (Identity)
- id, name, created_at
- OpenIddictApplications
- id, client_id, client_secret, display_name, permissions, redirect_uris, properties`tenant_id`, `usage=tenant_api|send_api|webhook_outbound|platform_service`
- id, client_id, client_secret, display_name, permissions, redirect_uris, properties`tenant_id`, `usage=tenant_api|send_api|web_login|webhook_outbound|platform_service|file_api`
- OpenIddictAuthorizations
- id, application_id, status, subject, type, scopes
- OpenIddictTokens
@ -94,10 +94,21 @@
## 6. 核心流程
### 6.1 OAuth2/OIDC Redirect 登入Authorization Code + PKCE
1) 站點導向 `/oauth/authorize`,帶 `client_id`, `redirect_uri`, `code_challenge`, `scope=openid email`
2) 使用者於會員中心登入
3) 成功後導回 `redirect_uri` 並附 `code`
4) 站點以 `code` + `code_verifier``/oauth/token` 換取 token + `id_token`
狀態:已支援 `usage=web_login`
1) 站點建立 OAuth client`usage=web_login`,設定 `redirect_uris`
2) 站點導向 `/oauth/authorize`,帶 `client_id`, `redirect_uri`, `code_challenge`, `code_challenge_method=S256`, `response_type=code`, `scope=openid email profile`
3) 若使用者尚未登入,`/oauth/authorize` 會導向會員中心 Web login登入後回到原 authorize request
4) 成功後導回 `redirect_uri` 並附 `code`
5) 站點以 `code` + `code_verifier``/oauth/token` 換取 token
實作註記:
- API 與 Web 需共用 DataProtection application name `MemberCenter`,使 API authorize endpoint 可讀取 Web login cookie。
- 若 API 與 Web 位於不同子網域,需設定 `Auth:CookieDomain`,例如 `.example.com`
- 若 API 與 Web 不同 originWeb login 僅允許導回 `Auth:Issuer``Auth:AllowedLoginReturnUrlPrefixes` 內的 return URL。
- API 可用 `Auth:WebLoginUrl` 指定登入頁位置;預設為 `/account/login`
- `web_login` 可使用 public client + PKCE不要求 client secret。
- `web_login` client 可使用 `openid email profile`,並預留 `profile:basic.read`
### 6.2 OAuth2 API 使用(站點自行 UI
1) 站點以 API 驗證使用者登入(會員中心提供 login API
@ -186,7 +197,7 @@
2) Download 採 delegated short-lived token
- client 向 `A service` 要求下載
- `A service` 驗商業規則與檔案權限
- `A service` 取得或簽發短效 download token
- `A service` 向新 File Access 專案取得短效 download token,或由 File Access 專案提供簽發元件
- client 帶短效 token 直接向 access agent / file space 請求檔案
- access agent 驗 token 後放行
@ -248,6 +259,13 @@ resource registry 至少需定義:
- delegated token 與一般 S2S token 共用同一套 resource registry不重複維護 audience 規則
- 對外資料讀寫授權完全由 scope 決定,只要 client 被授權該 scope 即可存取對應能力
目前實作狀態:
- DB registry 第一版已加入 `auth_resources``auth_resource_scopes``auth_client_usage_permissions`
- 預設 seed 已包含 `member_center_api``send_engine_api``file_access_api`
- OAuth client usage-scope matrix 已由 DB 驅動,包含 `file_api`
- resource registry 管理 UI 仍待補
- delegated download token 發放流程不放在 Member Center會在新 File Access 專案實作
## 7. API 介面(草案)
- GET `/oauth/authorize`
- POST `/oauth/token`
@ -303,7 +321,7 @@ resource registry 至少需定義:
- token 內含 `tenant_id` 與 scope
- Send Engine 收到租戶請求後以 JWKS 驗簽 JWTJWS
- 驗簽通過後將 `tenant_id` 固定在 request context不接受 body 覆寫
- File Access 與未來外部服務亦沿用此模型,差異由 scopes / audience / delegated token 規則表達
- File Access 與未來外部服務亦沿用此模型File Access 的 delegated token 規則由新 File Access 專案處理
- 若其他服務要讀取會員個資,應只授予必要的 profile read scopes不應沿用過寬的 `profile` OIDC scope
- service API 為主要整合模式,存取控制以 scopes 為唯一授權來源
@ -313,7 +331,7 @@ resource registry 至少需定義:
- `subscription.linked_to_user` 事件已發送
- 安全設定頁access/refresh 時效)目前僅存值,尚未實際套用到 OpenIddict token lifetime
- Audit Logs 目前以查詢為主,關鍵操作的寫入覆蓋率仍不足
- resource registry 與 file access token issuing 尚未實作,現況仍是兩組 audience 硬編碼
- resource registry 已完成 DB 驅動第一版file access delegated token issuing 不屬於 Member Center會在新專案實作
## 8. 安全與合規
- 密碼強度與防暴力破解rate limit + lockout

10
docs/FLOWS.md
View File

@ -11,8 +11,12 @@
## F-02 登入OAuth2 + OIDC
- [API] 站點送出 `POST /auth/login` 取得 access_token + id_token
- [API] 站點建立自身 session
- [UI] 導向 `/oauth/authorize` 完成授權碼流程
- [UI] 站點用 code 換 token + id_token
- [UI] 使用 `usage=web_login` OAuth client導向 `/oauth/authorize` 完成 Authorization Code + PKCE
- [UI] 若未登入,會員中心會導向 Web login登入後回到原 authorize request
- [UI] 站點用 code + code_verifier 換 token
- [UI] `web_login` 可使用 public client不要求 client secret必須設定 redirect URI
- [UI] 若 Web 與 API 不同 origin需設定 `Auth:WebLoginUrl`,且 Web 端需允許導回 `Auth:Issuer``Auth:AllowedLoginReturnUrlPrefixes`
- [UI] 若 Web 與 API 位於不同子網域,需設定 `Auth:CookieDomain`,讓 authorize endpoint 可讀取 Web login cookie
## F-02b 內容站台呼叫 Send EngineClient Credentials + JWT 驗簽)
- [API] 內容站台以 `client_credentials` 呼叫 `POST /oauth/token` 取得 access_token`usage=send_api`
@ -30,7 +34,7 @@
## F-02d 檔案下載A service -> client -> File Space
- [API] client 向 `A service` 請求下載檔案
- [API] `A service` 驗證該 request 是否可讀取指定檔案
- [API] `A service` 取得或簽發短效 download token
- [API] `A service` 向新 File Access 專案取得短效 download token,或使用 File Access 專案提供的簽發元件
- [API] download token 需至少綁定 `tenant_id + file_id/object_key + method=GET + exp`
- [UI/API] `A service` 將帶短效 token 的下載 URL 回給 client
- [UI/API] client 直接向 access agent / file space 請求檔案

10
docs/INSTALL.md
View File

@ -49,11 +49,15 @@ SendEngine__WebhookSecret=change-me
```
相容性說明:
- 現行程式仍使用:
- 現行程式已優先使用 resource registry 與目標型態:
- `Auth__Resources__MemberCenter__Audience`
- `Auth__Resources__SendEngine__Audience`
- `Auth__Resources__FileAccess__Audience`
- 舊 key 仍保留相容讀取:
- `Auth__MemberCenterAudience`
- `Auth__SendEngineAudience`
- 規劃上將收斂為 `Auth__Resources__*__Audience` 形式,避免每新增一個外部服務就再增加一組平行 env key。
- `File Access` 落地時,應直接採用 resource registry 形式,不再新增第三組硬編碼 audience 判斷。
- 規劃上將收斂為 DB resource registry`.env` 僅作為初始 seed / 部署覆寫來源,不應再為每個新服務新增平行 hardcoded key。
- `File Access` 已直接採用 resource registry 形式,不新增第三組硬編碼 audience 判斷。
`SendEngine` 設定說明:
- `SendEngine__BaseUrl`: Send Engine API base URL

50
docs/MEMBER_UPGRADE_PLAN.md
View File

@ -111,13 +111,19 @@
- Web login / external login / password grant login 成功後更新 `last_login_at` / `last_seen_at`
- disabled 帳號無法透過 Web login、external login、password grant 取得登入
- Web cookie 與 API authenticated request 會檢查 disabled 狀態
- 已補 redirect 型登入 `web_login`
- OAuth client usage 新增 `web_login`
- 支援 Authorization Code + PKCE
- `/oauth/authorize` 未登入時會導向 Web login登入後回到原 authorize request
- `/oauth/token` 已支援 authorization code exchange
- API / Web 共用 DataProtection application name `MemberCenter`
- 支援 `Auth:WebLoginUrl``Auth:AllowedLoginReturnUrlPrefixes` 處理 Web / API 不同 origin 的 redirect login
進行中:
- profile / addresses / subscriptions 的畫面目前為最小可用版本,尚未優化樣式與完整驗證提示
待續作:
- OAuth client usage 與 profile scopes 的最終授權矩陣仍偏靜態,尚未進到 resource registry / DB 驅動
- Auth resource registry 與 audience/scope 資料驅動化
- resource registry 管理 UI
- Email 驗證信 / 重設信的正式模板與文案優化
- rate limit 與 lockout 規則補齊:
- one-click unsubscribe token 申請
@ -157,20 +163,22 @@
- `MemberCenter.Api` 已有 `GET /user/profile`,但目前只提供基礎欄位,不足以支撐其他服務查詢完整會員資料。
- `docs/DESIGN.md` / `docs/FLOWS.md` 已定義 File Access 流程:
- upload: `client_credentials` 取得 upload token 後由外部服務直連 file space
- download: 由業務服務驗權後再簽發短效 delegated download token
- `TokenController.ResolveResources()` 已依 scope 決定 token audience目前內建
- `member_center_api`
- `send_engine_api`
- download: 由業務服務驗權後,交由新 File Access 專案簽發或管理短效 delegated download token
- Auth resource registry 第一版已落地:
- 新增 `auth_resources``auth_resource_scopes``auth_client_usage_permissions`
- `TokenController` 已改由 scope 查 registry 決定 token audiences
- OAuth client usage 可使用的 scopes 已改由 DB permission matrix 決定
- 預設資源包含 `member_center_api``send_engine_api``file_access_api`
### 部分實作
- `SendEngine__BaseUrl``SendEngine__WebhookSecret` 仍停留在設定來源與 options binding尚未進入可編輯的管理畫面。
- Auth 資源 / audience / scope registry 仍為靜態實作,尚未資料驅動化
- Auth 資源 / audience / scope registry 已完成 DB 驅動第一版,仍缺管理 UI
- 帳號治理後台、角色模型與 disabled account 規則已完成第一版,但仍缺進一步細化與保護規則。
- profile / addresses / subscriptions 畫面與驗證目前為最小可用版本,尚未完成 UI refinement。
### 待補項
- File Access 的 OAuth client usage、scope、audience 與 delegated token 發放流程尚未落地到程式
- Token resource / audience 的設定方式目前仍偏硬編碼,尚未抽象成可擴充模型
- File Access 的 OAuth client usage、scope、audience 已落地delegated token 發放流程不放在 Member Center會在新 File Access 專案實作
- Token resource / audience 已抽象為 registry後續需補 resource registry 管理畫面
- Email 樣板正式文案與會員 / 後台 UI 細節仍待整理。
- rate limit 仍缺少 `one-click unsubscribe token` 與更細的風控觀測。
@ -528,7 +536,7 @@
目前進度:
- `profile:*` scopes 已註冊並接上 policy
- current-user 與 by-email service API 已完成第一版
- audience / resource registry 仍為靜態,不在本輪完成範圍內
- audience / resource registry DB 驅動第一版已完成
#### 6.3 API 邊界建議
- 其他服務 API
@ -597,7 +605,7 @@
- 兩種入口最終都回到同一組 subscription 資料。
### 8. 會員中心作為外部服務的 Token / Auth 中心
狀態:`部分完成audience/scope 抽象化待續作`
狀態:`Auth 基礎已完成,管理 UI 待補`
#### 8.1 共通模型
- Send Engine 與 File Access 本質上是同一套模型:
@ -620,7 +628,7 @@
- `files:metadata.read`
- 新增 audience
- `file_access_api`
- 新增 delegated token 規則:
- File Access 新專案需實作 delegated token 規則:
- 下載 token 必須短效
- 必須綁定 `tenant_id`
- 必須綁定 `file_id``object_key`
@ -635,7 +643,7 @@
- scopes
- client usages
- 是否需要 `tenant_id`
- 是否允許 delegated token
- 是否允許 delegated token(供 File Access 判斷,不代表 Member Center 負責簽發檔案下載 token
- 新增資源服務時,只擴充 registry 與授權規則,不再修改硬編碼 audience 分支。
- 所有外部資料存取均以 scope 作為唯一授權依據。
@ -646,12 +654,13 @@
- `file_api` -> `file_access_api`
- scope 用於細粒度權限控制。
- `TokenController` 依 scope 與 usage 對照 resource registry 計算 `resources/audiences`
- delegated token 與一般 S2S token 共用同一套 token issuing abstraction。
- delegated download token issuing 屬於新 File Access 專案責任Member Center 只負責發出可呼叫 File Access 的 OAuth access token。
目前進度:
- Send Engine 與 profile scopes 已有基礎 audience / resource 映射
- File Access 流程仍停留在文件與設計層
- resource registry / delegated token abstraction 尚未實作
- Send Engine、Member Center profile/newsletter scopes、File Access scopes 已進 registry
- `TokenController` 已以 registry 解析 audiences
- OAuth client usage-scope matrix 已以 `auth_client_usage_permissions` 驅動
- File Access delegated token issuing、流程測試與 sample code 會在新 File Access 專案實作
### 9. 審計紀錄
狀態:`大致完成,少數治理事件待續作`
@ -759,16 +768,13 @@
### API
- 若設定畫面走 API需新增設定讀寫端點。
- 若帳號管理後台走 API需新增角色管理與帳號查詢端點。
- 若要支援 File Access需新增或擴充
- resource / audience mapping
- file scopes 註冊
- delegated download token issuing
- File Access 的 resource / audience mapping 與 file scopes 已完成;流程測試與 sample code 會在新 File Access 專案實作。
- 需新增 current-user 型 profile / addresses / subscriptions API 與對應 scopes。
### Infrastructure
- 新增 SMTP sender 與設定存取服務。
- 調整帳號 provisioning 與角色管理服務。
- 抽出 token resource resolver / delegated token issuer避免 audience 與 scope 判斷散落在 controller。
- token resource resolver 已抽到 registry serviceFile Access delegated token issuer 不屬於 Member Center。
- 新增會員基本資料與地址簿的資料模型與服務層。
### Installer

2
docs/MESSMAIL.md
View File

@ -81,7 +81,7 @@ curl -s -X POST https://{send-engine}/api/send-jobs \
- Send Engine 以 Member Center 的 JWKS 驗簽 access tokenJWS
- 驗證重點:`iss``aud``scope``tenant_id``exp`
- `iss`:由 Member Center `Auth__Issuer` 設定(例:`http://localhost:7850/`
- `aud`Send Engine 流程預設 `send_engine_api`(可用 `Auth__SendEngineAudience` 覆寫)
- `aud`Send Engine 流程預設 `send_engine_api`,由 Auth resource registry 決定;舊版 `Auth__SendEngineAudience` 仍作為相容 seed 來源
---

17
docs/OPENAPI.md
View File

@ -72,6 +72,16 @@
- `usage=send_api`
- 供租戶站台呼叫 Send Engine 發信流程
- 內建 scope`newsletter:send.write``newsletter:send.read`
- `usage=file_api`
- 供檔案上傳 / 下載服務使用
- 使用 `client_credentials`
- 內建 scope`files:upload.write``files:download.read``files:download.delegate``files:metadata.read``files:delete`
- `usage=web_login`
- 供外部網站使用 Member Center 統一登入 UI
- 使用 Authorization Code + PKCE
- 需設定 `redirect_uris`
- 可使用 `client_type=public`
- 允許 scope`openid``email``profile``profile:basic.read`
- `usage=webhook_outbound`
- 供 Member Center 內部標記「對外 webhook 用」的租戶憑證用途
- 不可用於租戶 API 呼叫
@ -80,8 +90,8 @@
- `usage=platform_service`
- 供平台級 S2S例如 SES 聚合事件回寫)
- 可不綁定 `tenant_id`scope 使用 `newsletter:events.write.global`
- `tenant_api` / `send_api` / `platform_service` 建議(且實作要求)`client_type=confidential`
- `redirect_uris``webhook_outbound` 需要;其他 usage 可為空
- `tenant_api` / `send_api` / `platform_service` / `file_api` 建議(且實作要求)`client_type=confidential`
- `redirect_uris``web_login` / `webhook_outbound` 需要;其他 usage 可為空
- 管理規則:
- 每個 tenant 至少 2 組憑證(`tenant_api` / `webhook_outbound`
- 平台級流程另建 `platform_service` 憑證
@ -98,7 +108,7 @@
- `POST /newsletter/one-click-unsubscribe-tokens`已實作Send Engine 批次申請 one-click token
### Auth / Scope
- `tenant_api` / `send_api` / `webhook_outbound` 類型需綁定 `tenant_id`
- `tenant_api` / `send_api` / `file_api` / `webhook_outbound` 類型需綁定 `tenant_id`
- `platform_service` 可不綁定 `tenant_id`
- 新增 scope
- `newsletter:list.read`
@ -173,6 +183,7 @@
補充:
- File Access 與 Send Engine 同屬「外部資源服務」,驗證模型一致
- 差異在於 File Access download token 為 delegated short-lived token而非一般 client credentials token
- delegated download token issuing、流程測試與 sample code 會在新 File Access 專案實作,不屬於 Member Center API
### 回寫原因碼Send Engine -> Member Center
- `hard_bounce`

66
docs/TEST_SITE.md Normal file
View File

@ -0,0 +1,66 @@
# Member Center Test Site
`src/MemberCenter.TestSite` 是手動 happy-path 測試用網站,用來先驗證外部網站整合會員中心的最小流程。
## 啟動
```bash
dotnet run --project src/MemberCenter.TestSite
```
預設 HTTP URL
```text
http://localhost:5243
```
## 必要設定
`src/MemberCenter.TestSite/appsettings.Development.json` 或環境變數設定:
```json
{
"MemberCenter": {
"ApiBaseUrl": "http://localhost:7850",
"WebLoginClientId": "<web_login client id>",
"ServiceClientId": "<service client id>",
"ServiceClientSecret": "<service client secret>"
}
}
```
`web_login` OAuth client
- `usage=web_login`
- `client_type=public`
- redirect URI: `http://localhost:5243/auth/callback`
- scopes: `openid email profile profile:basic.read profile:basic.write profile:addresses.read profile:addresses.write profile:subscriptions.read profile:subscriptions.write`
service OAuth client
- 建議使用 `tenant_api``platform_service`
- `client_type=confidential`
- scopes 至少包含 `profile:basic.read profile:addresses.read`
若 Member Center API 與 Web login 不同 originMember Center 需設定:
```text
Auth__WebLoginUrl=<Member Center Web login URL>
Auth__AllowedLoginReturnUrlPrefixes=<Member Center API issuer/base URL>
Auth__CookieDomain=<shared cookie domain, production subdomain SSO only>
```
## 第一批 Happy Path
測試站目前包含:
1. Redirect login 拿 token
2. API login 拿 token
3. `GET /user/profile`
4. `POST /user/profile`
5. `GET /user/addresses`
6. `POST /user/addresses`
7. `GET /user/subscriptions`
8. `POST /user/subscriptions/{id}/unsubscribe`
9. service token 呼叫 `GET /user/profile/by-email`
10. service token 呼叫 `GET /user/addresses/by-email`
測試站只做 happy path不取代完整自動化測試。

4
docs/UI.md
View File

@ -57,8 +57,8 @@
### 管理者端(統一 UI
- UC-11 租戶管理: `/admin/tenants`
- UC-11.1 Tenant 可設定 `Send Engine Webhook Client Id`UUID
- UC-12 OAuth Client 管理: `/admin/oauth-clients`(建立時顯示一次 client_secret可旋轉可選 `usage=tenant_api` / `send_api` / `webhook_outbound` / `platform_service` / `file_api``platform_service` 可不指定 tenant
- `redirect_uris``webhook_outbound` 需要;其餘 usage 不需要
- UC-12 OAuth Client 管理: `/admin/oauth-clients`(建立時顯示一次 client_secret可旋轉可選 `usage=tenant_api` / `send_api` / `web_login` / `webhook_outbound` / `platform_service` / `file_api``platform_service` / `web_login` 可不指定 tenant
- `redirect_uris``web_login` / `webhook_outbound` 需要;其餘 usage 不需要
- `tenant_api` / `send_api` / `platform_service` / `file_api` 強制 `client_type=confidential`
- UC-13 電子報清單管理: `/admin/newsletter-lists`
- UC-14 訂閱查詢 / 匯出: `/admin/subscriptions`, `/admin/subscriptions/export`

2
docs/openapi.yaml
View File

@ -1081,6 +1081,6 @@ components:
type: string
nullable: true
name: { type: string }
usage: { type: string, enum: [tenant_api, send_api, webhook_outbound, platform_service] }
usage: { type: string, enum: [tenant_api, send_api, web_login, webhook_outbound, platform_service, file_api] }
redirect_uris: { type: array, items: { type: string } }
client_type: { type: string, enum: [public, confidential] }

75
src/MemberCenter.Api/Controllers/AdminOAuthClientsController.cs
View File

@ -1,4 +1,5 @@
using MemberCenter.Api.Contracts;
using MemberCenter.Application.Abstractions;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using OpenIddict.Abstractions;
@ -12,10 +13,14 @@ namespace MemberCenter.Api.Controllers;
public class AdminOAuthClientsController : ControllerBase
{
private readonly IOpenIddictApplicationManager _applicationManager;
private readonly IAuthResourceRegistryService _authResourceRegistry;
public AdminOAuthClientsController(IOpenIddictApplicationManager applicationManager)
public AdminOAuthClientsController(
IOpenIddictApplicationManager applicationManager,
IAuthResourceRegistryService authResourceRegistry)
{
_applicationManager = applicationManager;
_authResourceRegistry = authResourceRegistry;
}
[HttpGet]
@ -43,7 +48,7 @@ public class AdminOAuthClientsController : ControllerBase
{
if (!IsValidUsage(request.Usage))
{
return BadRequest("usage must be tenant_api, send_api, webhook_outbound, or platform_service.");
return BadRequest("usage must be tenant_api, send_api, web_login, webhook_outbound, platform_service, or file_api.");
}
if (!IsTenantOptionalUsage(request.Usage) && (!request.TenantId.HasValue || request.TenantId.Value == Guid.Empty))
@ -64,7 +69,7 @@ public class AdminOAuthClientsController : ControllerBase
}
if (UsesAuthorizationCodeFlow(request.Usage) && redirectUris.Count == 0)
{
return BadRequest("redirect_uris is required for webhook_outbound usage.");
return BadRequest("redirect_uris is required for web_login or webhook_outbound usage.");
}
var descriptor = new OpenIddictApplicationDescriptor
@ -73,7 +78,7 @@ public class AdminOAuthClientsController : ControllerBase
DisplayName = request.Name,
ClientType = request.ClientType
};
ApplyPermissions(descriptor, request.Usage);
await ApplyPermissionsAsync(descriptor, request.Usage);
foreach (var uri in redirectUris)
{
@ -122,7 +127,7 @@ public class AdminOAuthClientsController : ControllerBase
{
if (!IsValidUsage(request.Usage))
{
return BadRequest("usage must be tenant_api, send_api, webhook_outbound, or platform_service.");
return BadRequest("usage must be tenant_api, send_api, web_login, webhook_outbound, platform_service, or file_api.");
}
if (!IsTenantOptionalUsage(request.Usage) && (!request.TenantId.HasValue || request.TenantId.Value == Guid.Empty))
@ -143,7 +148,7 @@ public class AdminOAuthClientsController : ControllerBase
}
if (UsesAuthorizationCodeFlow(request.Usage) && redirectUris.Count == 0)
{
return BadRequest("redirect_uris is required for webhook_outbound usage.");
return BadRequest("redirect_uris is required for web_login or webhook_outbound usage.");
}
var app = await _applicationManager.FindByIdAsync(id);
@ -157,7 +162,7 @@ public class AdminOAuthClientsController : ControllerBase
descriptor.DisplayName = request.Name;
descriptor.ClientType = request.ClientType;
ApplyPermissions(descriptor, request.Usage);
await ApplyPermissionsAsync(descriptor, request.Usage);
descriptor.RedirectUris.Clear();
foreach (var uri in redirectUris)
{
@ -201,25 +206,30 @@ public class AdminOAuthClientsController : ControllerBase
{
return string.Equals(usage, "tenant_api", StringComparison.OrdinalIgnoreCase)
|| string.Equals(usage, "send_api", StringComparison.OrdinalIgnoreCase)
|| string.Equals(usage, "web_login", StringComparison.OrdinalIgnoreCase)
|| string.Equals(usage, "webhook_outbound", StringComparison.OrdinalIgnoreCase)
|| string.Equals(usage, "platform_service", StringComparison.OrdinalIgnoreCase);
|| string.Equals(usage, "platform_service", StringComparison.OrdinalIgnoreCase)
|| string.Equals(usage, "file_api", StringComparison.OrdinalIgnoreCase);
}
private static bool IsTenantOptionalUsage(string usage)
{
return string.Equals(usage, "platform_service", StringComparison.OrdinalIgnoreCase);
return string.Equals(usage, "platform_service", StringComparison.OrdinalIgnoreCase)
|| string.Equals(usage, "web_login", StringComparison.OrdinalIgnoreCase);
}
private static bool RequiresClientCredentials(string usage)
{
return string.Equals(usage, "platform_service", StringComparison.OrdinalIgnoreCase)
|| string.Equals(usage, "tenant_api", StringComparison.OrdinalIgnoreCase)
|| string.Equals(usage, "send_api", StringComparison.OrdinalIgnoreCase);
|| string.Equals(usage, "send_api", StringComparison.OrdinalIgnoreCase)
|| string.Equals(usage, "file_api", StringComparison.OrdinalIgnoreCase);
}
private static bool UsesAuthorizationCodeFlow(string usage)
{
return string.Equals(usage, "webhook_outbound", StringComparison.OrdinalIgnoreCase);
return string.Equals(usage, "web_login", StringComparison.OrdinalIgnoreCase)
|| string.Equals(usage, "webhook_outbound", StringComparison.OrdinalIgnoreCase);
}
private static (List<string> Uris, string? Error) NormalizeRedirectUris(List<string>? redirectUris)
@ -246,50 +256,27 @@ public class AdminOAuthClientsController : ControllerBase
return (values, null);
}
private static void ApplyPermissions(OpenIddictApplicationDescriptor descriptor, string usage)
private async Task ApplyPermissionsAsync(OpenIddictApplicationDescriptor descriptor, string usage)
{
descriptor.Permissions.Clear();
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Token);
if (string.Equals(usage, "platform_service", StringComparison.OrdinalIgnoreCase)
|| string.Equals(usage, "tenant_api", StringComparison.OrdinalIgnoreCase)
|| string.Equals(usage, "send_api", StringComparison.OrdinalIgnoreCase))
if (UsesAuthorizationCodeFlow(usage))
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
if (string.Equals(usage, "platform_service", StringComparison.OrdinalIgnoreCase))
{
descriptor.Permissions.Add("scp:newsletter:events.write.global");
AddProfileScopePermissions(descriptor);
}
else if (string.Equals(usage, "send_api", StringComparison.OrdinalIgnoreCase))
{
descriptor.Permissions.Add("scp:newsletter:send.write");
descriptor.Permissions.Add("scp:newsletter:send.read");
}
else
{
descriptor.Permissions.Add("scp:newsletter:events.write");
AddProfileScopePermissions(descriptor);
}
return;
}
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Endpoints.Authorization);
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode);
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.RefreshToken);
descriptor.Permissions.Add(OpenIddictConstants.Permissions.ResponseTypes.Code);
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Scopes.Email);
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Scopes.Profile);
descriptor.Permissions.Add("scp:openid");
}
else
{
descriptor.Permissions.Add(OpenIddictConstants.Permissions.GrantTypes.ClientCredentials);
}
private static void AddProfileScopePermissions(OpenIddictApplicationDescriptor descriptor)
var scopes = await _authResourceRegistry.GetAllowedScopesForUsageAsync(usage, HttpContext.RequestAborted);
foreach (var scope in scopes)
{
descriptor.Permissions.Add("scp:profile:basic.read");
descriptor.Permissions.Add("scp:profile:basic.write");
descriptor.Permissions.Add("scp:profile:addresses.read");
descriptor.Permissions.Add("scp:profile:addresses.write");
descriptor.Permissions.Add("scp:profile:subscriptions.read");
descriptor.Permissions.Add("scp:profile:subscriptions.write");
descriptor.Permissions.Add(OpenIddictConstants.Permissions.Prefixes.Scope + scope);
}
}
}

40
src/MemberCenter.Api/Controllers/OAuthController.cs
View File

@ -1,28 +1,35 @@
using MemberCenter.Api.Extensions;
using MemberCenter.Infrastructure.Identity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using OpenIddict.Abstractions;
using OpenIddict.Server.AspNetCore;
using System.Security.Claims;
using System.Web;
namespace MemberCenter.Api.Controllers;
[ApiController]
public class OAuthController : ControllerBase
{
private const string SecurityStampClaimType = "AspNet.Identity.SecurityStamp";
private readonly string _memberCenterAudience;
private readonly string _webLoginUrl;
private readonly UserManager<ApplicationUser> _userManager;
private readonly SignInManager<ApplicationUser> _signInManager;
public OAuthController(UserManager<ApplicationUser> userManager, SignInManager<ApplicationUser> signInManager)
public OAuthController(
IConfiguration configuration,
UserManager<ApplicationUser> userManager,
SignInManager<ApplicationUser> signInManager)
{
_memberCenterAudience = configuration["Auth:MemberCenterAudience"] ?? "member_center_api";
_webLoginUrl = configuration["Auth:WebLoginUrl"] ?? "/account/login";
_userManager = userManager;
_signInManager = signInManager;
}
[HttpGet("/oauth/authorize")]
[Authorize]
public async Task<IActionResult> Authorize()
{
var request = HttpContext.Features.Get<OpenIddictServerAspNetCoreFeature>()?.Transaction?.Request;
@ -31,14 +38,30 @@ public class OAuthController : ControllerBase
return BadRequest("Invalid OpenIddict request.");
}
var user = await _userManager.GetUserAsync(User);
var cookie = await HttpContext.AuthenticateAsync(IdentityConstants.ApplicationScheme);
if (!cookie.Succeeded || cookie.Principal is null)
{
return Redirect(BuildLoginRedirectUrl());
}
var user = await _userManager.GetUserAsync(cookie.Principal);
if (user is null)
{
return Forbid(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
}
if (user.DisabledAt.HasValue)
{
return Forbid(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
}
var principal = await _signInManager.CreateUserPrincipalAsync(user);
if (!string.IsNullOrWhiteSpace(user.SecurityStamp))
{
principal.SetClaim(SecurityStampClaimType, user.SecurityStamp);
}
principal.SetScopes(request.GetScopes());
principal.SetResources(_memberCenterAudience);
foreach (var claim in principal.Claims)
{
claim.SetDestinations(ClaimsExtensions.GetDestinations(claim));
@ -46,4 +69,11 @@ public class OAuthController : ControllerBase
return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
}
private string BuildLoginRedirectUrl()
{
var returnUrl = $"{Request.Scheme}://{Request.Host}{Request.PathBase}{Request.Path}{Request.QueryString}";
var separator = _webLoginUrl.Contains('?', StringComparison.Ordinal) ? '&' : '?';
return $"{_webLoginUrl}{separator}returnUrl={HttpUtility.UrlEncode(returnUrl)}";
}
}

56
src/MemberCenter.Api/Controllers/TokenController.cs
View File

@ -1,4 +1,5 @@
using MemberCenter.Api.Extensions;
using MemberCenter.Application.Abstractions;
using MemberCenter.Infrastructure.Identity;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
@ -14,23 +15,21 @@ namespace MemberCenter.Api.Controllers;
public class TokenController : ControllerBase
{
private const string SecurityStampClaimType = "AspNet.Identity.SecurityStamp";
private readonly string _memberCenterAudience;
private readonly string _sendEngineAudience;
private readonly UserManager<ApplicationUser> _userManager;
private readonly SignInManager<ApplicationUser> _signInManager;
private readonly IOpenIddictApplicationManager _applicationManager;
private readonly IAuthResourceRegistryService _authResourceRegistry;
public TokenController(
IConfiguration configuration,
UserManager<ApplicationUser> userManager,
SignInManager<ApplicationUser> signInManager,
IOpenIddictApplicationManager applicationManager)
IOpenIddictApplicationManager applicationManager,
IAuthResourceRegistryService authResourceRegistry)
{
_memberCenterAudience = configuration["Auth:MemberCenterAudience"] ?? "member_center_api";
_sendEngineAudience = configuration["Auth:SendEngineAudience"] ?? "send_engine_api";
_userManager = userManager;
_signInManager = signInManager;
_applicationManager = applicationManager;
_authResourceRegistry = authResourceRegistry;
}
[HttpPost("/oauth/token")]
@ -65,7 +64,7 @@ public class TokenController : ControllerBase
}
var scopes = request.Scope.GetScopesOrDefault();
principal.SetScopes(scopes);
principal.SetResources(ResolveResources(scopes));
principal.SetResources(await ResolveResourcesAsync(scopes));
foreach (var claim in principal.Claims)
{
@ -79,7 +78,7 @@ public class TokenController : ControllerBase
return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
}
if (request.IsRefreshTokenGrantType())
if (request.IsAuthorizationCodeGrantType() || request.IsRefreshTokenGrantType())
{
var authenticateResult = await HttpContext.AuthenticateAsync(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
if (!authenticateResult.Succeeded || authenticateResult.Principal is null)
@ -88,6 +87,11 @@ public class TokenController : ControllerBase
}
var principal = authenticateResult.Principal;
if (!await ValidateUserPrincipalAsync(principal))
{
return Forbid(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
}
return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
}
@ -138,7 +142,7 @@ public class TokenController : ControllerBase
var principal = new ClaimsPrincipal(identity);
var scopes = request.Scope.GetScopesOrDefault();
principal.SetScopes(scopes);
principal.SetResources(ResolveResources(scopes));
principal.SetResources(await ResolveResourcesAsync(scopes));
foreach (var claim in principal.Claims)
{
@ -151,36 +155,28 @@ public class TokenController : ControllerBase
return BadRequest("Unsupported grant type.");
}
private IEnumerable<string> ResolveResources(IEnumerable<string> scopes)
private async Task<bool> ValidateUserPrincipalAsync(ClaimsPrincipal principal)
{
var scopeSet = scopes as ISet<string> ?? new HashSet<string>(scopes, StringComparer.Ordinal);
if (scopeSet.Count == 0)
var subject = principal.GetClaim(OpenIddictConstants.Claims.Subject)
?? principal.FindFirstValue(ClaimTypes.NameIdentifier);
if (!Guid.TryParse(subject, out var userId))
{
return [_memberCenterAudience];
return true;
}
var resources = new HashSet<string>(StringComparer.Ordinal);
if (scopeSet.Contains("newsletter:send.write") || scopeSet.Contains("newsletter:send.read"))
var user = await _userManager.FindByIdAsync(userId.ToString());
if (user is null || user.DisabledAt.HasValue)
{
resources.Add(_sendEngineAudience);
return false;
}
if (scopeSet.Any(scope =>
(scope.StartsWith("newsletter:", StringComparison.Ordinal) && scope is not "newsletter:send.write" && scope is not "newsletter:send.read")
|| scope.StartsWith("profile:", StringComparison.Ordinal))
|| scopeSet.Contains(OpenIddictConstants.Scopes.OpenId)
|| scopeSet.Contains(OpenIddictConstants.Scopes.Email)
|| scopeSet.Contains(OpenIddictConstants.Scopes.Profile))
{
resources.Add(_memberCenterAudience);
var tokenSecurityStamp = principal.FindFirst(SecurityStampClaimType)?.Value;
return string.IsNullOrWhiteSpace(tokenSecurityStamp)
|| string.Equals(tokenSecurityStamp, user.SecurityStamp, StringComparison.Ordinal);
}
if (resources.Count == 0)
private async Task<IReadOnlyList<string>> ResolveResourcesAsync(IEnumerable<string> scopes)
{
resources.Add(_memberCenterAudience);
}
return resources;
return await _authResourceRegistry.ResolveAudiencesAsync(scopes, HttpContext.RequestAborted);
}
}

31
src/MemberCenter.Api/Program.cs
View File

@ -6,6 +6,7 @@ using MemberCenter.Infrastructure.Persistence;
using MemberCenter.Infrastructure.Services;
using MemberCenter.Application.Abstractions;
using MemberCenter.Application.Constants;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.AspNetCore.Identity;
@ -23,6 +24,9 @@ var issuer = builder.Configuration["Auth:Issuer"];
var issuerUri = ParseAbsoluteUriOrThrow(issuer, "Auth:Issuer");
var allowInsecureHttp = builder.Configuration.GetValue("Auth:AllowInsecureHttp", false);
builder.Services.AddDataProtection()
.SetApplicationName("MemberCenter");
builder.Services.AddDbContext<MemberCenterDbContext>(options =>
{
var connectionString = builder.Configuration.GetConnectionString("Default")
@ -55,6 +59,15 @@ builder.Services.AddAuthentication(options =>
options.DefaultChallengeScheme = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme;
});
builder.Services.ConfigureApplicationCookie(options =>
{
var cookieDomain = builder.Configuration["Auth:CookieDomain"];
if (!string.IsNullOrWhiteSpace(cookieDomain))
{
options.Cookie.Domain = cookieDomain;
}
});
builder.Services.AddOpenIddict()
.AddCore(options =>
{
@ -97,7 +110,12 @@ builder.Services.AddOpenIddict()
"newsletter:send.read",
"newsletter:events.read",
"newsletter:events.write",
"newsletter:events.write.global");
"newsletter:events.write.global",
"files:upload.write",
"files:download.read",
"files:download.delegate",
"files:metadata.read",
"files:delete");
options.AddDevelopmentEncryptionCertificate();
options.AddDevelopmentSigningCertificate();
@ -174,10 +192,12 @@ builder.Services.AddScoped<IEmailSender, SmtpEmailSender>();
builder.Services.AddScoped<IAccountEmailService, AccountEmailService>();
builder.Services.AddScoped<INewsletterService, NewsletterService>();
builder.Services.AddScoped<IEmailBlacklistService, EmailBlacklistService>();
builder.Services.AddScoped<ISecuritySettingsService, SecuritySettingsService>();
builder.Services.AddScoped<ITenantService, TenantService>();
builder.Services.AddScoped<INewsletterListService, NewsletterListService>();
builder.Services.AddScoped<IAccountProvisioningService, AccountProvisioningService>();
builder.Services.AddScoped<IProfileService, ProfileService>();
builder.Services.AddScoped<IAuthResourceRegistryService, AuthResourceRegistryService>();
builder.Services.AddHttpContextAccessor();
builder.Services.Configure<SendEngineWebhookOptions>(builder.Configuration.GetSection("SendEngine"));
builder.Services.AddHttpClient<SendEngineWebhookPublisher>();
@ -185,6 +205,8 @@ builder.Services.AddScoped<ISendEngineWebhookPublisher, SendEngineWebhookPublish
var app = builder.Build();
await EnsureAuthRegistryDefaultsAsync(app.Services);
app.UseForwardedHeaders();
if (!string.IsNullOrWhiteSpace(pathBase))
{
@ -306,3 +328,10 @@ static RateLimitPartition<string> CreateFixedWindowLimiter(
AutoReplenishment = true
});
}
static async Task EnsureAuthRegistryDefaultsAsync(IServiceProvider services)
{
await using var scope = services.CreateAsyncScope();
var registry = scope.ServiceProvider.GetRequiredService<IAuthResourceRegistryService>();
await registry.EnsureDefaultsAsync();
}

8
src/MemberCenter.Application/Abstractions/IAuthResourceRegistryService.cs Normal file
View File

@ -0,0 +1,8 @@
namespace MemberCenter.Application.Abstractions;
public interface IAuthResourceRegistryService
{
Task EnsureDefaultsAsync(CancellationToken cancellationToken = default);
Task<IReadOnlyList<string>> ResolveAudiencesAsync(IEnumerable<string> scopes, CancellationToken cancellationToken = default);
Task<IReadOnlyList<string>> GetAllowedScopesForUsageAsync(string usage, CancellationToken cancellationToken = default);
}

10
src/MemberCenter.Domain/Entities/AuthClientUsagePermission.cs Normal file
View File

@ -0,0 +1,10 @@
namespace MemberCenter.Domain.Entities;
public sealed class AuthClientUsagePermission
{
public Guid Id { get; set; }
public string Usage { get; set; } = string.Empty;
public string Scope { get; set; } = string.Empty;
public bool IsEnabled { get; set; } = true;
public DateTimeOffset CreatedAt { get; set; } = DateTimeOffset.UtcNow;
}

16
src/MemberCenter.Domain/Entities/AuthResource.cs Normal file
View File

@ -0,0 +1,16 @@
namespace MemberCenter.Domain.Entities;
public sealed class AuthResource
{
public Guid Id { get; set; }
public string Name { get; set; } = string.Empty;
public string Audience { get; set; } = string.Empty;
public string? Description { get; set; }
public bool RequireTenant { get; set; }
public bool AllowDelegatedToken { get; set; }
public bool IsEnabled { get; set; } = true;
public DateTimeOffset CreatedAt { get; set; } = DateTimeOffset.UtcNow;
public DateTimeOffset UpdatedAt { get; set; } = DateTimeOffset.UtcNow;
public List<AuthResourceScope> Scopes { get; set; } = new();
}

13
src/MemberCenter.Domain/Entities/AuthResourceScope.cs Normal file
View File

@ -0,0 +1,13 @@
namespace MemberCenter.Domain.Entities;
public sealed class AuthResourceScope
{
public Guid Id { get; set; }
public Guid ResourceId { get; set; }
public string Scope { get; set; } = string.Empty;
public string? Description { get; set; }
public bool IsEnabled { get; set; } = true;
public DateTimeOffset CreatedAt { get; set; } = DateTimeOffset.UtcNow;
public AuthResource? Resource { get; set; }
}

1
src/MemberCenter.Infrastructure/MemberCenter.Infrastructure.csproj
View File

@ -12,6 +12,7 @@
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
<PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="8.0.0" />
<PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="8.0.8" />
<PackageReference Include="OpenIddict.EntityFrameworkCore" Version="5.7.0" />
</ItemGroup>

46
src/MemberCenter.Infrastructure/Persistence/MemberCenterDbContext.cs
View File

@ -23,6 +23,9 @@ public class MemberCenterDbContext
public DbSet<UnsubscribeToken> UnsubscribeTokens => Set<UnsubscribeToken>();
public DbSet<AuditLog> AuditLogs => Set<AuditLog>();
public DbSet<SystemFlag> SystemFlags => Set<SystemFlag>();
public DbSet<AuthResource> AuthResources => Set<AuthResource>();
public DbSet<AuthResourceScope> AuthResourceScopes => Set<AuthResourceScope>();
public DbSet<AuthClientUsagePermission> AuthClientUsagePermissions => Set<AuthClientUsagePermission>();
protected override void OnModelCreating(ModelBuilder builder)
{
@ -199,6 +202,49 @@ public class MemberCenterDbContext
entity.HasIndex(x => x.Key).IsUnique();
});
builder.Entity<AuthResource>(entity =>
{
entity.ToTable("auth_resources");
entity.HasKey(x => x.Id);
entity.Property(x => x.Name).IsRequired().HasMaxLength(100);
entity.Property(x => x.Audience).IsRequired().HasMaxLength(200);
entity.Property(x => x.Description).HasMaxLength(500);
entity.Property(x => x.RequireTenant).HasDefaultValue(false);
entity.Property(x => x.AllowDelegatedToken).HasDefaultValue(false);
entity.Property(x => x.IsEnabled).HasDefaultValue(true);
entity.Property(x => x.CreatedAt).HasDefaultValueSql("now()");
entity.Property(x => x.UpdatedAt).HasDefaultValueSql("now()");
entity.HasIndex(x => x.Name).IsUnique();
entity.HasIndex(x => x.Audience).IsUnique();
});
builder.Entity<AuthResourceScope>(entity =>
{
entity.ToTable("auth_resource_scopes");
entity.HasKey(x => x.Id);
entity.Property(x => x.Scope).IsRequired().HasMaxLength(200);
entity.Property(x => x.Description).HasMaxLength(500);
entity.Property(x => x.IsEnabled).HasDefaultValue(true);
entity.Property(x => x.CreatedAt).HasDefaultValueSql("now()");
entity.HasIndex(x => new { x.ResourceId, x.Scope }).IsUnique();
entity.HasIndex(x => x.Scope).HasDatabaseName("idx_auth_resource_scopes_scope");
entity.HasOne(x => x.Resource)
.WithMany(x => x.Scopes)
.HasForeignKey(x => x.ResourceId)
.OnDelete(DeleteBehavior.Cascade);
});
builder.Entity<AuthClientUsagePermission>(entity =>
{
entity.ToTable("auth_client_usage_permissions");
entity.HasKey(x => x.Id);
entity.Property(x => x.Usage).IsRequired().HasMaxLength(100);
entity.Property(x => x.Scope).IsRequired().HasMaxLength(200);
entity.Property(x => x.IsEnabled).HasDefaultValue(true);
entity.Property(x => x.CreatedAt).HasDefaultValueSql("now()");
entity.HasIndex(x => new { x.Usage, x.Scope }).IsUnique();
});
builder.Entity<ApplicationUser>(entity =>
{
entity.ToTable("users");

1215
src/MemberCenter.Infrastructure/Persistence/Migrations/20260422154035_AddAuthResourceRegistry.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

113
src/MemberCenter.Infrastructure/Persistence/Migrations/20260422154035_AddAuthResourceRegistry.cs Normal file
View File

@ -0,0 +1,113 @@
using System;
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace MemberCenter.Infrastructure.Persistence.Migrations
{
/// <inheritdoc />
public partial class AddAuthResourceRegistry : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.CreateTable(
name: "auth_client_usage_permissions",
columns: table => new
{
Id = table.Column<Guid>(type: "uuid", nullable: false),
Usage = table.Column<string>(type: "character varying(100)", maxLength: 100, nullable: false),
Scope = table.Column<string>(type: "character varying(200)", maxLength: 200, nullable: false),
IsEnabled = table.Column<bool>(type: "boolean", nullable: false, defaultValue: true),
CreatedAt = table.Column<DateTimeOffset>(type: "timestamp with time zone", nullable: false, defaultValueSql: "now()")
},
constraints: table =>
{
table.PrimaryKey("PK_auth_client_usage_permissions", x => x.Id);
});
migrationBuilder.CreateTable(
name: "auth_resources",
columns: table => new
{
Id = table.Column<Guid>(type: "uuid", nullable: false),
Name = table.Column<string>(type: "character varying(100)", maxLength: 100, nullable: false),
Audience = table.Column<string>(type: "character varying(200)", maxLength: 200, nullable: false),
Description = table.Column<string>(type: "character varying(500)", maxLength: 500, nullable: true),
RequireTenant = table.Column<bool>(type: "boolean", nullable: false, defaultValue: false),
AllowDelegatedToken = table.Column<bool>(type: "boolean", nullable: false, defaultValue: false),
IsEnabled = table.Column<bool>(type: "boolean", nullable: false, defaultValue: true),
CreatedAt = table.Column<DateTimeOffset>(type: "timestamp with time zone", nullable: false, defaultValueSql: "now()"),
UpdatedAt = table.Column<DateTimeOffset>(type: "timestamp with time zone", nullable: false, defaultValueSql: "now()")
},
constraints: table =>
{
table.PrimaryKey("PK_auth_resources", x => x.Id);
});
migrationBuilder.CreateTable(
name: "auth_resource_scopes",
columns: table => new
{
Id = table.Column<Guid>(type: "uuid", nullable: false),
ResourceId = table.Column<Guid>(type: "uuid", nullable: false),
Scope = table.Column<string>(type: "character varying(200)", maxLength: 200, nullable: false),
Description = table.Column<string>(type: "character varying(500)", maxLength: 500, nullable: true),
IsEnabled = table.Column<bool>(type: "boolean", nullable: false, defaultValue: true),
CreatedAt = table.Column<DateTimeOffset>(type: "timestamp with time zone", nullable: false, defaultValueSql: "now()")
},
constraints: table =>
{
table.PrimaryKey("PK_auth_resource_scopes", x => x.Id);
table.ForeignKey(
name: "FK_auth_resource_scopes_auth_resources_ResourceId",
column: x => x.ResourceId,
principalTable: "auth_resources",
principalColumn: "Id",
onDelete: ReferentialAction.Cascade);
});
migrationBuilder.CreateIndex(
name: "IX_auth_client_usage_permissions_Usage_Scope",
table: "auth_client_usage_permissions",
columns: new[] { "Usage", "Scope" },
unique: true);
migrationBuilder.CreateIndex(
name: "idx_auth_resource_scopes_scope",
table: "auth_resource_scopes",
column: "Scope");
migrationBuilder.CreateIndex(
name: "IX_auth_resource_scopes_ResourceId_Scope",
table: "auth_resource_scopes",
columns: new[] { "ResourceId", "Scope" },
unique: true);
migrationBuilder.CreateIndex(
name: "IX_auth_resources_Audience",
table: "auth_resources",
column: "Audience",
unique: true);
migrationBuilder.CreateIndex(
name: "IX_auth_resources_Name",
table: "auth_resources",
column: "Name",
unique: true);
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropTable(
name: "auth_client_usage_permissions");
migrationBuilder.DropTable(
name: "auth_resource_scopes");
migrationBuilder.DropTable(
name: "auth_resources");
}
}
}

145
src/MemberCenter.Infrastructure/Persistence/Migrations/MemberCenterDbContextModelSnapshot.cs
View File

@ -54,6 +54,135 @@ namespace MemberCenter.Infrastructure.Persistence.Migrations
b.ToTable("audit_logs", (string)null);
});
modelBuilder.Entity("MemberCenter.Domain.Entities.AuthClientUsagePermission", b =>
{
b.Property<Guid>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("uuid");
b.Property<DateTimeOffset>("CreatedAt")
.ValueGeneratedOnAdd()
.HasColumnType("timestamp with time zone")
.HasDefaultValueSql("now()");
b.Property<bool>("IsEnabled")
.ValueGeneratedOnAdd()
.HasColumnType("boolean")
.HasDefaultValue(true);
b.Property<string>("Scope")
.IsRequired()
.HasMaxLength(200)
.HasColumnType("character varying(200)");
b.Property<string>("Usage")
.IsRequired()
.HasMaxLength(100)
.HasColumnType("character varying(100)");
b.HasKey("Id");
b.HasIndex("Usage", "Scope")
.IsUnique();
b.ToTable("auth_client_usage_permissions", (string)null);
});
modelBuilder.Entity("MemberCenter.Domain.Entities.AuthResource", b =>
{
b.Property<Guid>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("uuid");
b.Property<bool>("AllowDelegatedToken")
.ValueGeneratedOnAdd()
.HasColumnType("boolean")
.HasDefaultValue(false);
b.Property<string>("Audience")
.IsRequired()
.HasMaxLength(200)
.HasColumnType("character varying(200)");
b.Property<DateTimeOffset>("CreatedAt")
.ValueGeneratedOnAdd()
.HasColumnType("timestamp with time zone")
.HasDefaultValueSql("now()");
b.Property<string>("Description")
.HasMaxLength(500)
.HasColumnType("character varying(500)");
b.Property<bool>("IsEnabled")
.ValueGeneratedOnAdd()
.HasColumnType("boolean")
.HasDefaultValue(true);
b.Property<string>("Name")
.IsRequired()
.HasMaxLength(100)
.HasColumnType("character varying(100)");
b.Property<bool>("RequireTenant")
.ValueGeneratedOnAdd()
.HasColumnType("boolean")
.HasDefaultValue(false);
b.Property<DateTimeOffset>("UpdatedAt")
.ValueGeneratedOnAdd()
.HasColumnType("timestamp with time zone")
.HasDefaultValueSql("now()");
b.HasKey("Id");
b.HasIndex("Audience")
.IsUnique();
b.HasIndex("Name")
.IsUnique();
b.ToTable("auth_resources", (string)null);
});
modelBuilder.Entity("MemberCenter.Domain.Entities.AuthResourceScope", b =>
{
b.Property<Guid>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("uuid");
b.Property<DateTimeOffset>("CreatedAt")
.ValueGeneratedOnAdd()
.HasColumnType("timestamp with time zone")
.HasDefaultValueSql("now()");
b.Property<string>("Description")
.HasMaxLength(500)
.HasColumnType("character varying(500)");
b.Property<bool>("IsEnabled")
.ValueGeneratedOnAdd()
.HasColumnType("boolean")
.HasDefaultValue(true);
b.Property<Guid>("ResourceId")
.HasColumnType("uuid");
b.Property<string>("Scope")
.IsRequired()
.HasMaxLength(200)
.HasColumnType("character varying(200)");
b.HasKey("Id");
b.HasIndex("Scope")
.HasDatabaseName("idx_auth_resource_scopes_scope");
b.HasIndex("ResourceId", "Scope")
.IsUnique();
b.ToTable("auth_resource_scopes", (string)null);
});
modelBuilder.Entity("MemberCenter.Domain.Entities.EmailBlacklist", b =>
{
b.Property<Guid>("Id")
@ -893,6 +1022,17 @@ namespace MemberCenter.Infrastructure.Persistence.Migrations
b.ToTable("OpenIddictTokens", (string)null);
});
modelBuilder.Entity("MemberCenter.Domain.Entities.AuthResourceScope", b =>
{
b.HasOne("MemberCenter.Domain.Entities.AuthResource", "Resource")
.WithMany("Scopes")
.HasForeignKey("ResourceId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
b.Navigation("Resource");
});
modelBuilder.Entity("MemberCenter.Domain.Entities.EmailVerification", b =>
{
b.HasOne("MemberCenter.Domain.Entities.Tenant", null)
@ -1033,6 +1173,11 @@ namespace MemberCenter.Infrastructure.Persistence.Migrations
b.Navigation("Authorization");
});
modelBuilder.Entity("MemberCenter.Domain.Entities.AuthResource", b =>
{
b.Navigation("Scopes");
});
modelBuilder.Entity("MemberCenter.Domain.Entities.NewsletterList", b =>
{
b.Navigation("Subscriptions");

288
src/MemberCenter.Infrastructure/Services/AuthResourceRegistryService.cs Normal file
View File

@ -0,0 +1,288 @@
using MemberCenter.Application.Abstractions;
using MemberCenter.Domain.Entities;
using MemberCenter.Infrastructure.Persistence;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using OpenIddict.Abstractions;
namespace MemberCenter.Infrastructure.Services;
public sealed class AuthResourceRegistryService : IAuthResourceRegistryService
{
private const string MemberCenterResourceName = "member_center_api";
private readonly MemberCenterDbContext _dbContext;
private readonly IConfiguration _configuration;
public AuthResourceRegistryService(MemberCenterDbContext dbContext, IConfiguration configuration)
{
_dbContext = dbContext;
_configuration = configuration;
}
public async Task EnsureDefaultsAsync(CancellationToken cancellationToken = default)
{
var memberCenter = await EnsureResourceAsync(
MemberCenterResourceName,
ResolveAudience("MemberCenter", "Auth:MemberCenterAudience", "member_center_api"),
"Member Center API",
requireTenant: false,
allowDelegatedToken: true,
cancellationToken);
var sendEngine = await EnsureResourceAsync(
"send_engine_api",
ResolveAudience("SendEngine", "Auth:SendEngineAudience", "send_engine_api"),
"Send Engine API",
requireTenant: true,
allowDelegatedToken: false,
cancellationToken);
var fileAccess = await EnsureResourceAsync(
"file_access_api",
ResolveAudience("FileAccess", null, "file_access_api"),
"File upload/download API",
requireTenant: true,
allowDelegatedToken: true,
cancellationToken);
await EnsureScopesAsync(memberCenter.Id, [
OpenIddictConstants.Scopes.OpenId,
OpenIddictConstants.Scopes.Email,
OpenIddictConstants.Scopes.Profile,
"profile:basic.read",
"profile:basic.write",
"profile:addresses.read",
"profile:addresses.write",
"profile:subscriptions.read",
"profile:subscriptions.write",
"newsletter:list.read",
"newsletter:events.read",
"newsletter:events.write",
"newsletter:events.write.global"
], cancellationToken);
await EnsureScopesAsync(sendEngine.Id, [
"newsletter:send.write",
"newsletter:send.read"
], cancellationToken);
await EnsureScopesAsync(fileAccess.Id, [
"files:upload.write",
"files:download.read",
"files:download.delegate",
"files:metadata.read",
"files:delete"
], cancellationToken);
await EnsureUsagePermissionsAsync("web_login", [
OpenIddictConstants.Scopes.OpenId,
OpenIddictConstants.Scopes.Email,
OpenIddictConstants.Scopes.Profile,
"profile:basic.read"
], cancellationToken);
await EnsureUsagePermissionsAsync("webhook_outbound", [
OpenIddictConstants.Scopes.OpenId,
OpenIddictConstants.Scopes.Email,
OpenIddictConstants.Scopes.Profile,
"newsletter:events.write"
], cancellationToken);
await EnsureUsagePermissionsAsync("tenant_api", [
"newsletter:events.write",
"newsletter:list.read",
"profile:basic.read",
"profile:basic.write",
"profile:addresses.read",
"profile:addresses.write",
"profile:subscriptions.read",
"profile:subscriptions.write"
], cancellationToken);
await EnsureUsagePermissionsAsync("platform_service", [
"newsletter:events.write.global",
"newsletter:list.read",
"profile:basic.read",
"profile:basic.write",
"profile:addresses.read",
"profile:addresses.write",
"profile:subscriptions.read",
"profile:subscriptions.write"
], cancellationToken);
await EnsureUsagePermissionsAsync("send_api", [
"newsletter:send.write",
"newsletter:send.read"
], cancellationToken);
await EnsureUsagePermissionsAsync("file_api", [
"files:upload.write",
"files:download.read",
"files:download.delegate",
"files:metadata.read",
"files:delete"
], cancellationToken);
await _dbContext.SaveChangesAsync(cancellationToken);
}
public async Task<IReadOnlyList<string>> ResolveAudiencesAsync(
IEnumerable<string> scopes,
CancellationToken cancellationToken = default)
{
var requestedScopes = scopes
.Where(scope => !string.IsNullOrWhiteSpace(scope))
.Select(scope => scope.Trim())
.Distinct(StringComparer.Ordinal)
.ToList();
if (requestedScopes.Count == 0)
{
var defaultAudience = await _dbContext.AuthResources
.Where(resource => resource.Name == MemberCenterResourceName && resource.IsEnabled)
.Select(resource => resource.Audience)
.SingleOrDefaultAsync(cancellationToken);
return string.IsNullOrWhiteSpace(defaultAudience)
? ["member_center_api"]
: [defaultAudience];
}
var resourceScopes = await _dbContext.AuthResourceScopes
.AsNoTracking()
.Include(resourceScope => resourceScope.Resource)
.Where(resourceScope =>
resourceScope.IsEnabled
&& requestedScopes.Contains(resourceScope.Scope)
&& resourceScope.Resource != null
&& resourceScope.Resource.IsEnabled)
.ToListAsync(cancellationToken);
var resolvedScopes = resourceScopes
.Select(resourceScope => resourceScope.Scope)
.ToHashSet(StringComparer.Ordinal);
var unknownScopes = requestedScopes
.Where(scope => !resolvedScopes.Contains(scope))
.ToList();
if (unknownScopes.Count > 0)
{
throw new InvalidOperationException($"Unknown auth scope(s): {string.Join(", ", unknownScopes)}");
}
return resourceScopes
.Select(resourceScope => resourceScope.Resource!.Audience)
.Distinct(StringComparer.Ordinal)
.ToList();
}
public async Task<IReadOnlyList<string>> GetAllowedScopesForUsageAsync(
string usage,
CancellationToken cancellationToken = default)
{
var normalizedUsage = usage.Trim();
return await _dbContext.AuthClientUsagePermissions
.AsNoTracking()
.Where(permission => permission.Usage == normalizedUsage && permission.IsEnabled)
.OrderBy(permission => permission.Scope)
.Select(permission => permission.Scope)
.ToListAsync(cancellationToken);
}
private async Task<AuthResource> EnsureResourceAsync(
string name,
string audience,
string description,
bool requireTenant,
bool allowDelegatedToken,
CancellationToken cancellationToken)
{
var resource = await _dbContext.AuthResources
.SingleOrDefaultAsync(item => item.Name == name, cancellationToken);
if (resource is null)
{
resource = new AuthResource
{
Id = Guid.NewGuid(),
Name = name,
Audience = audience
};
_dbContext.AuthResources.Add(resource);
}
resource.Audience = audience;
resource.Description = description;
resource.RequireTenant = requireTenant;
resource.AllowDelegatedToken = allowDelegatedToken;
resource.IsEnabled = true;
resource.UpdatedAt = DateTimeOffset.UtcNow;
return resource;
}
private string ResolveAudience(string resourceKey, string? legacyKey, string defaultValue)
{
var configured = _configuration[$"Auth:Resources:{resourceKey}:Audience"];
if (string.IsNullOrWhiteSpace(configured) && !string.IsNullOrWhiteSpace(legacyKey))
{
configured = _configuration[legacyKey];
}
return string.IsNullOrWhiteSpace(configured) ? defaultValue : configured;
}
private async Task EnsureScopesAsync(
Guid resourceId,
IEnumerable<string> scopes,
CancellationToken cancellationToken)
{
var existingScopes = await _dbContext.AuthResourceScopes
.Where(scope => scope.ResourceId == resourceId)
.ToDictionaryAsync(scope => scope.Scope, StringComparer.Ordinal, cancellationToken);
foreach (var scope in scopes.Distinct(StringComparer.Ordinal))
{
if (existingScopes.TryGetValue(scope, out var existing))
{
existing.IsEnabled = true;
continue;
}
_dbContext.AuthResourceScopes.Add(new AuthResourceScope
{
Id = Guid.NewGuid(),
ResourceId = resourceId,
Scope = scope,
IsEnabled = true
});
}
}
private async Task EnsureUsagePermissionsAsync(
string usage,
IEnumerable<string> scopes,
CancellationToken cancellationToken)
{
var existingPermissions = await _dbContext.AuthClientUsagePermissions
.Where(permission => permission.Usage == usage)
.ToDictionaryAsync(permission => permission.Scope, StringComparer.Ordinal, cancellationToken);
foreach (var scope in scopes.Distinct(StringComparer.Ordinal))
{
if (existingPermissions.TryGetValue(scope, out var existing))
{
existing.IsEnabled = true;
continue;
}
_dbContext.AuthClientUsagePermissions.Add(new AuthClientUsagePermission
{
Id = Guid.NewGuid(),
Usage = usage,
Scope = scope,
IsEnabled = true
});
}
}
}

11
src/MemberCenter.Installer/Program.cs
View File

@ -1,7 +1,9 @@
using MemberCenter.Application.Abstractions;
using MemberCenter.Domain.Entities;
using MemberCenter.Infrastructure.Configuration;
using MemberCenter.Infrastructure.Identity;
using MemberCenter.Infrastructure.Persistence;
using MemberCenter.Infrastructure.Services;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Migrations;
@ -99,6 +101,8 @@ initCommand.SetHandler(async (string? connectionString, string? appsettings, boo
}
await db.Database.MigrateAsync();
var registry = scope.ServiceProvider.GetRequiredService<IAuthResourceRegistryService>();
await registry.EnsureDefaultsAsync();
await EnsureRoleAsync(roleManager, "superuser");
await EnsureRoleAsync(roleManager, "admin");
@ -267,6 +271,8 @@ migrateCommand.SetHandler(async (string? connectionString, string? appsettings,
if (string.IsNullOrWhiteSpace(target))
{
await db.Database.MigrateAsync();
var registry = scope.ServiceProvider.GetRequiredService<IAuthResourceRegistryService>();
await registry.EnsureDefaultsAsync();
}
else
{
@ -288,6 +294,9 @@ static IServiceProvider BuildServices(string connectionString)
{
var services = new ServiceCollection();
services.AddLogging(builder => builder.AddConsole());
services.AddSingleton<IConfiguration>(new ConfigurationBuilder()
.AddEnvironmentVariables()
.Build());
services.AddDbContext<MemberCenterDbContext>(options =>
{
options.UseNpgsql(connectionString);
@ -306,6 +315,8 @@ static IServiceProvider BuildServices(string connectionString)
.AddEntityFrameworkStores<MemberCenterDbContext>()
.AddDefaultTokenProviders();
services.AddScoped<IAuthResourceRegistryService, AuthResourceRegistryService>();
return services.BuildServiceProvider();
}

389
src/MemberCenter.TestSite/Controllers/HomeController.cs Normal file
View File

@ -0,0 +1,389 @@
using System.Diagnostics;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using MemberCenter.TestSite.Models;
using Microsoft.AspNetCore.Mvc;
namespace MemberCenter.TestSite.Controllers;
public class HomeController : Controller
{
private const string UserAccessTokenKey = "user_access_token";
private const string UserRefreshTokenKey = "user_refresh_token";
private const string ServiceAccessTokenKey = "service_access_token";
private const string CodeVerifierKey = "code_verifier";
private const string LastTitleKey = "last_title";
private const string LastBodyKey = "last_body";
private static readonly JsonSerializerOptions JsonOptions = new(JsonSerializerDefaults.Web)
{
WriteIndented = true
};
private readonly IConfiguration _configuration;
private readonly IHttpClientFactory _httpClientFactory;
public HomeController(IConfiguration configuration, IHttpClientFactory httpClientFactory)
{
_configuration = configuration;
_httpClientFactory = httpClientFactory;
}
[HttpGet("")]
public IActionResult Index()
{
return View(BuildViewModel());
}
[HttpPost("auth/redirect-login")]
public IActionResult RedirectLogin()
{
var options = GetOptions();
if (string.IsNullOrWhiteSpace(options.WebLoginClientId))
{
StoreResult("Redirect login", "Configure MemberCenter:WebLoginClientId first.");
return RedirectToAction(nameof(Index));
}
var codeVerifier = Base64Url(RandomNumberGenerator.GetBytes(32));
var codeChallenge = Base64Url(SHA256.HashData(Encoding.ASCII.GetBytes(codeVerifier)));
HttpContext.Session.SetString(CodeVerifierKey, codeVerifier);
var callbackUrl = Url.ActionLink(nameof(Callback), "Home");
var query = new Dictionary<string, string?>
{
["client_id"] = options.WebLoginClientId,
["redirect_uri"] = callbackUrl,
["response_type"] = "code",
["scope"] = options.WebLoginScopes,
["code_challenge"] = codeChallenge,
["code_challenge_method"] = "S256",
["state"] = Guid.NewGuid().ToString("N")
};
return Redirect($"{TrimSlash(options.ApiBaseUrl)}/oauth/authorize?{BuildQuery(query)}");
}
[HttpGet("auth/callback")]
public async Task<IActionResult> Callback([FromQuery] string? code, [FromQuery] string? error, [FromQuery] string? error_description)
{
if (!string.IsNullOrWhiteSpace(error))
{
StoreResult("Redirect callback", JsonSerializer.Serialize(new { error, error_description }, JsonOptions));
return RedirectToAction(nameof(Index));
}
if (string.IsNullOrWhiteSpace(code))
{
StoreResult("Redirect callback", "Missing authorization code.");
return RedirectToAction(nameof(Index));
}
var options = GetOptions();
var codeVerifier = HttpContext.Session.GetString(CodeVerifierKey);
if (string.IsNullOrWhiteSpace(codeVerifier))
{
StoreResult("Redirect callback", "Missing code verifier in test site session.");
return RedirectToAction(nameof(Index));
}
var form = new Dictionary<string, string?>
{
["grant_type"] = "authorization_code",
["client_id"] = options.WebLoginClientId,
["code"] = code,
["redirect_uri"] = Url.ActionLink(nameof(Callback), "Home"),
["code_verifier"] = codeVerifier
};
await ExchangeUserTokenAsync("Redirect login token", form);
return RedirectToAction(nameof(Index));
}
[HttpPost("auth/api-login")]
public async Task<IActionResult> ApiLogin(string email, string password)
{
var options = GetOptions();
var form = new Dictionary<string, string?>
{
["grant_type"] = "password",
["username"] = email,
["password"] = password,
["scope"] = options.WebLoginScopes
};
await ExchangeUserTokenAsync("API login token", form);
return RedirectToAction(nameof(Index));
}
[HttpPost("auth/service-token")]
public async Task<IActionResult> ServiceToken(string? clientId, string? clientSecret, string? scopes)
{
var options = GetOptions();
var form = new Dictionary<string, string?>
{
["grant_type"] = "client_credentials",
["client_id"] = string.IsNullOrWhiteSpace(clientId) ? options.ServiceClientId : clientId,
["client_secret"] = string.IsNullOrWhiteSpace(clientSecret) ? options.ServiceClientSecret : clientSecret,
["scope"] = string.IsNullOrWhiteSpace(scopes) ? options.ServiceScopes : scopes
};
var response = await PostFormAsync("/oauth/token", form);
var body = await response.Content.ReadAsStringAsync();
if (response.IsSuccessStatusCode)
{
SaveToken(body, ServiceAccessTokenKey, null);
}
StoreResult("Service token", FormatResponse(response, body));
return RedirectToAction(nameof(Index));
}
[HttpPost("tests/user-profile-get")]
public async Task<IActionResult> UserProfileGet()
{
await SendUserAsync("GET /user/profile", HttpMethod.Get, "/user/profile");
return RedirectToAction(nameof(Index));
}
[HttpPost("tests/user-profile-post")]
public async Task<IActionResult> UserProfilePost()
{
var payload = new
{
LastName = "Test",
FirstName = "User",
NickName = "Member Center Test",
MobilePhone = "+886900000000",
LandlinePhone = "02-00000000",
DateOfBirth = "1990-01-01",
Gender = "unspecified",
CompanyName = "Test Company",
Department = "QA",
JobTitle = "Tester",
CompanyPhone = "02-11111111",
TaxId = "00000000",
InvoiceTitle = "Test Company",
Remark = "Updated by MemberCenter.TestSite"
};
await SendUserAsync("POST /user/profile", HttpMethod.Post, "/user/profile", payload);
return RedirectToAction(nameof(Index));
}
[HttpPost("tests/user-addresses-get")]
public async Task<IActionResult> UserAddressesGet()
{
await SendUserAsync("GET /user/addresses", HttpMethod.Get, "/user/addresses");
return RedirectToAction(nameof(Index));
}
[HttpPost("tests/user-addresses-post")]
public async Task<IActionResult> UserAddressesPost()
{
var payload = new
{
Id = (Guid?)null,
Label = "test-site",
RecipientName = "Test User",
RecipientPhone = "+886900000000",
CountryCode = "TW",
PostalCode = "100",
StateRegion = "",
City = "Taipei",
District = "Zhongzheng",
AddressLine1 = "No. 1, Test Road",
AddressLine2 = "Test Building",
CompanyName = "Test Company",
Usage = "shipping",
IsDefault = true,
AddressMetaJson = "{\"source\":\"MemberCenter.TestSite\"}"
};
await SendUserAsync("POST /user/addresses", HttpMethod.Post, "/user/addresses", payload);
return RedirectToAction(nameof(Index));
}
[HttpPost("tests/user-subscriptions-get")]
public async Task<IActionResult> UserSubscriptionsGet()
{
await SendUserAsync("GET /user/subscriptions", HttpMethod.Get, "/user/subscriptions");
return RedirectToAction(nameof(Index));
}
[HttpPost("tests/user-subscriptions-unsubscribe")]
public async Task<IActionResult> UserSubscriptionsUnsubscribe(Guid subscriptionId)
{
if (subscriptionId == Guid.Empty)
{
StoreResult("POST /user/subscriptions/{id}/unsubscribe", "Enter a subscription id first.");
return RedirectToAction(nameof(Index));
}
await SendUserAsync(
"POST /user/subscriptions/{id}/unsubscribe",
HttpMethod.Post,
$"/user/subscriptions/{subscriptionId}/unsubscribe");
return RedirectToAction(nameof(Index));
}
[HttpPost("tests/service-profile-by-email")]
public async Task<IActionResult> ServiceProfileByEmail(string email)
{
await SendServiceAsync("GET /user/profile/by-email", HttpMethod.Get, $"/user/profile/by-email?email={Uri.EscapeDataString(email)}");
return RedirectToAction(nameof(Index));
}
[HttpPost("tests/service-addresses-by-email")]
public async Task<IActionResult> ServiceAddressesByEmail(string email)
{
await SendServiceAsync("GET /user/addresses/by-email", HttpMethod.Get, $"/user/addresses/by-email?email={Uri.EscapeDataString(email)}");
return RedirectToAction(nameof(Index));
}
[HttpPost("auth/clear")]
public IActionResult ClearTokens()
{
HttpContext.Session.Clear();
return RedirectToAction(nameof(Index));
}
[ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
public IActionResult Error()
{
return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier });
}
private TestDashboardViewModel BuildViewModel()
{
return new TestDashboardViewModel
{
Options = GetOptions(),
UserAccessToken = HttpContext.Session.GetString(UserAccessTokenKey),
UserRefreshToken = HttpContext.Session.GetString(UserRefreshTokenKey),
ServiceAccessToken = HttpContext.Session.GetString(ServiceAccessTokenKey),
LastResponseTitle = HttpContext.Session.GetString(LastTitleKey),
LastResponseBody = HttpContext.Session.GetString(LastBodyKey)
};
}
private MemberCenterTestOptions GetOptions()
{
var options = new MemberCenterTestOptions();
_configuration.GetSection("MemberCenter").Bind(options);
return options;
}
private async Task ExchangeUserTokenAsync(string title, Dictionary<string, string?> form)
{
var response = await PostFormAsync("/oauth/token", form);
var body = await response.Content.ReadAsStringAsync();
if (response.IsSuccessStatusCode)
{
SaveToken(body, UserAccessTokenKey, UserRefreshTokenKey);
}
StoreResult(title, FormatResponse(response, body));
}
private async Task<HttpResponseMessage> PostFormAsync(string path, Dictionary<string, string?> form)
{
var client = _httpClientFactory.CreateClient();
var values = form
.Where(x => !string.IsNullOrWhiteSpace(x.Value))
.ToDictionary(x => x.Key, x => x.Value!);
return await client.PostAsync($"{TrimSlash(GetOptions().ApiBaseUrl)}{path}", new FormUrlEncodedContent(values));
}
private async Task SendUserAsync(string title, HttpMethod method, string path, object? payload = null)
{
await SendApiAsync(title, method, path, HttpContext.Session.GetString(UserAccessTokenKey), payload);
}
private async Task SendServiceAsync(string title, HttpMethod method, string path, object? payload = null)
{
await SendApiAsync(title, method, path, HttpContext.Session.GetString(ServiceAccessTokenKey), payload);
}
private async Task SendApiAsync(string title, HttpMethod method, string path, string? token, object? payload = null)
{
if (string.IsNullOrWhiteSpace(token))
{
StoreResult(title, "Missing token. Login or request a service token first.");
return;
}
var request = new HttpRequestMessage(method, $"{TrimSlash(GetOptions().ApiBaseUrl)}{path}");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
if (payload is not null)
{
request.Content = new StringContent(JsonSerializer.Serialize(payload, JsonOptions), Encoding.UTF8, "application/json");
}
var client = _httpClientFactory.CreateClient();
var response = await client.SendAsync(request);
var body = await response.Content.ReadAsStringAsync();
StoreResult(title, FormatResponse(response, body));
}
private void SaveToken(string body, string accessTokenKey, string? refreshTokenKey)
{
using var json = JsonDocument.Parse(body);
if (json.RootElement.TryGetProperty("access_token", out var accessToken))
{
HttpContext.Session.SetString(accessTokenKey, accessToken.GetString() ?? string.Empty);
}
if (!string.IsNullOrWhiteSpace(refreshTokenKey)
&& json.RootElement.TryGetProperty("refresh_token", out var refreshToken))
{
HttpContext.Session.SetString(refreshTokenKey, refreshToken.GetString() ?? string.Empty);
}
}
private void StoreResult(string title, string body)
{
HttpContext.Session.SetString(LastTitleKey, title);
HttpContext.Session.SetString(LastBodyKey, PrettyJsonOrRaw(body));
}
private static string FormatResponse(HttpResponseMessage response, string body)
{
return $"HTTP {(int)response.StatusCode} {response.ReasonPhrase}\n\n{PrettyJsonOrRaw(body)}";
}
private static string PrettyJsonOrRaw(string body)
{
if (string.IsNullOrWhiteSpace(body))
{
return "(empty response)";
}
try
{
using var json = JsonDocument.Parse(body);
return JsonSerializer.Serialize(json.RootElement, JsonOptions);
}
catch
{
return body;
}
}
private static string BuildQuery(Dictionary<string, string?> values)
{
return string.Join("&", values
.Where(x => !string.IsNullOrWhiteSpace(x.Value))
.Select(x => $"{Uri.EscapeDataString(x.Key)}={Uri.EscapeDataString(x.Value!)}"));
}
private static string TrimSlash(string value) => value.TrimEnd('/');
private static string Base64Url(byte[] bytes)
{
return Convert.ToBase64String(bytes)
.TrimEnd('=')
.Replace('+', '-')
.Replace('/', '_');
}
}

9
src/MemberCenter.TestSite/MemberCenter.TestSite.csproj Normal file
View File

@ -0,0 +1,9 @@
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net8.0</TargetFramework>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
</PropertyGroup>
</Project>

8
src/MemberCenter.TestSite/Models/ErrorViewModel.cs Normal file
View File

@ -0,0 +1,8 @@
namespace MemberCenter.TestSite.Models;
public class ErrorViewModel
{
public string? RequestId { get; set; }
public bool ShowRequestId => !string.IsNullOrEmpty(RequestId);
}

12
src/MemberCenter.TestSite/Models/MemberCenterTestOptions.cs Normal file
View File

@ -0,0 +1,12 @@
namespace MemberCenter.TestSite.Models;
public sealed class MemberCenterTestOptions
{
public string ApiBaseUrl { get; set; } = "http://localhost:7850";
public string WebLoginClientId { get; set; } = string.Empty;
public string WebLoginRedirectPath { get; set; } = "/auth/callback";
public string WebLoginScopes { get; set; } = "openid email profile profile:basic.read profile:basic.write profile:addresses.read profile:addresses.write profile:subscriptions.read profile:subscriptions.write";
public string ServiceClientId { get; set; } = string.Empty;
public string ServiceClientSecret { get; set; } = string.Empty;
public string ServiceScopes { get; set; } = "profile:basic.read profile:addresses.read";
}

11
src/MemberCenter.TestSite/Models/TestDashboardViewModel.cs Normal file
View File

@ -0,0 +1,11 @@
namespace MemberCenter.TestSite.Models;
public sealed class TestDashboardViewModel
{
public MemberCenterTestOptions Options { get; set; } = new();
public string? UserAccessToken { get; set; }
public string? UserRefreshToken { get; set; }
public string? ServiceAccessToken { get; set; }
public string? LastResponseTitle { get; set; }
public string? LastResponseBody { get; set; }
}

32
src/MemberCenter.TestSite/Program.cs Normal file
View File

@ -0,0 +1,32 @@
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllersWithViews();
builder.Services.AddHttpClient();
builder.Services.AddSession(options =>
{
options.Cookie.Name = ".MemberCenter.TestSite.Session";
options.IdleTimeout = TimeSpan.FromHours(2);
options.Cookie.HttpOnly = true;
options.Cookie.IsEssential = true;
});
var app = builder.Build();
if (!app.Environment.IsDevelopment())
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseStaticFiles();
app.UseRouting();
app.UseSession();
app.UseAuthorization();
app.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
app.Run();

38
src/MemberCenter.TestSite/Properties/launchSettings.json Normal file
View File

@ -0,0 +1,38 @@
{
"$schema": "http://json.schemastore.org/launchsettings.json",
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:9196",
"sslPort": 44343
}
},
"profiles": {
"http": {
"commandName": "Project",
"dotnetRunMessages": true,
"launchBrowser": true,
"applicationUrl": "http://localhost:5243",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"https": {
"commandName": "Project",
"dotnetRunMessages": true,
"launchBrowser": true,
"applicationUrl": "https://localhost:7046;http://localhost:5243",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
}
}
}

116
src/MemberCenter.TestSite/Views/Home/Index.cshtml Normal file
View File

@ -0,0 +1,116 @@
@model MemberCenter.TestSite.Models.TestDashboardViewModel
@{
ViewData["Title"] = "Member Center Test Site";
string ShortToken(string? token) => string.IsNullOrWhiteSpace(token)
? "not set"
: $"{token[..Math.Min(18, token.Length)]}...";
}
<div class="test-hero">
<div>
<p class="eyebrow">Member Center Integration Test</p>
<h1>API / Redirect Login Happy Paths</h1>
<p>This test site stores tokens in its own ASP.NET session and runs the first 10 happy-path checks against Member Center.</p>
</div>
<form method="post" asp-action="ClearTokens">
<button type="submit" class="danger">Clear Session Tokens</button>
</form>
</div>
<section class="grid">
<article class="card">
<h2>Current Settings</h2>
<dl>
<dt>API Base URL</dt>
<dd>@Model.Options.ApiBaseUrl</dd>
<dt>web_login Client ID</dt>
<dd>@(string.IsNullOrWhiteSpace(Model.Options.WebLoginClientId) ? "not configured" : Model.Options.WebLoginClientId)</dd>
<dt>Service Client ID</dt>
<dd>@(string.IsNullOrWhiteSpace(Model.Options.ServiceClientId) ? "not configured" : Model.Options.ServiceClientId)</dd>
<dt>User token</dt>
<dd>@ShortToken(Model.UserAccessToken)</dd>
<dt>Service token</dt>
<dd>@ShortToken(Model.ServiceAccessToken)</dd>
</dl>
</article>
<article class="card">
<h2>1. Redirect Login</h2>
<p>Uses <code>usage=web_login</code>, Authorization Code + PKCE, and this site's <code>/auth/callback</code>.</p>
<form method="post" asp-action="RedirectLogin">
<button type="submit">Start Redirect Login</button>
</form>
</article>
<article class="card">
<h2>2. API Login</h2>
<form method="post" asp-action="ApiLogin">
<label>Email</label>
<input name="email" type="email" autocomplete="username" required />
<label>Password</label>
<input name="password" type="password" autocomplete="current-password" required />
<button type="submit">Get User Token</button>
</form>
</article>
<article class="card">
<h2>Service Token</h2>
<p>Required for checks 9 and 10.</p>
<form method="post" asp-action="ServiceToken">
<label>Client ID</label>
<input name="clientId" value="@Model.Options.ServiceClientId" />
<label>Client Secret</label>
<input name="clientSecret" type="password" value="@Model.Options.ServiceClientSecret" />
<label>Scopes</label>
<input name="scopes" value="@Model.Options.ServiceScopes" />
<button type="submit">Get Service Token</button>
</form>
</article>
</section>
<section class="card">
<h2>User Token Happy Paths</h2>
<div class="actions">
<form method="post" asp-action="UserProfileGet">
<button type="submit">3. GET /user/profile</button>
</form>
<form method="post" asp-action="UserProfilePost">
<button type="submit">4. POST /user/profile</button>
</form>
<form method="post" asp-action="UserAddressesGet">
<button type="submit">5. GET /user/addresses</button>
</form>
<form method="post" asp-action="UserAddressesPost">
<button type="submit">6. POST /user/addresses</button>
</form>
<form method="post" asp-action="UserSubscriptionsGet">
<button type="submit">7. GET /user/subscriptions</button>
</form>
</div>
<form method="post" asp-action="UserSubscriptionsUnsubscribe" class="inline-form">
<label>Subscription ID</label>
<input name="subscriptionId" placeholder="00000000-0000-0000-0000-000000000000" />
<button type="submit">8. POST /user/subscriptions/{id}/unsubscribe</button>
</form>
</section>
<section class="card">
<h2>Service Token Happy Paths</h2>
<p>Use a service token with at least <code>profile:basic.read</code> and <code>profile:addresses.read</code>.</p>
<form method="post" asp-action="ServiceProfileByEmail" class="inline-form">
<label>Email</label>
<input name="email" type="email" required />
<button type="submit">9. GET /user/profile/by-email</button>
</form>
<form method="post" asp-action="ServiceAddressesByEmail" class="inline-form">
<label>Email</label>
<input name="email" type="email" required />
<button type="submit">10. GET /user/addresses/by-email</button>
</form>
</section>
<section class="card response-card">
<h2>Last Response</h2>
<h3>@(Model.LastResponseTitle ?? "No request yet")</h3>
<pre>@(Model.LastResponseBody ?? "Run a happy-path action to see the response here.")</pre>
</section>

6
src/MemberCenter.TestSite/Views/Home/Privacy.cshtml Normal file
View File

@ -0,0 +1,6 @@
@{
ViewData["Title"] = "Privacy Policy";
}
<h1>@ViewData["Title"]</h1>
<p>Use this page to detail your site's privacy policy.</p>

25
src/MemberCenter.TestSite/Views/Shared/Error.cshtml Normal file
View File

@ -0,0 +1,25 @@
@model ErrorViewModel
@{
ViewData["Title"] = "Error";
}
<h1 class="text-danger">Error.</h1>
<h2 class="text-danger">An error occurred while processing your request.</h2>
@if (Model.ShowRequestId)
{
<p>
<strong>Request ID:</strong> <code>@Model.RequestId</code>
</p>
}
<h3>Development Mode</h3>
<p>
Swapping to <strong>Development</strong> environment will display more detailed information about the error that occurred.
</p>
<p>
<strong>The Development environment shouldn't be enabled for deployed applications.</strong>
It can result in displaying sensitive information from exceptions to end users.
For local debugging, enable the <strong>Development</strong> environment by setting the <strong>ASPNETCORE_ENVIRONMENT</strong> environment variable to <strong>Development</strong>
and restarting the app.
</p>

46
src/MemberCenter.TestSite/Views/Shared/_Layout.cshtml Normal file
View File

@ -0,0 +1,46 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>@ViewData["Title"] - Member Center Test Site</title>
<link rel="stylesheet" href="~/lib/bootstrap/dist/css/bootstrap.min.css" />
<link rel="stylesheet" href="~/css/site.css" asp-append-version="true" />
<link rel="stylesheet" href="~/MemberCenter.TestSite.styles.css" asp-append-version="true" />
</head>
<body>
<header>
<nav class="navbar navbar-expand-sm navbar-toggleable-sm navbar-light bg-white border-bottom box-shadow mb-3">
<div class="container-fluid">
<a class="navbar-brand" asp-area="" asp-controller="Home" asp-action="Index">Member Center Test Site</a>
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target=".navbar-collapse" aria-controls="navbarSupportedContent"
aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="navbar-collapse collapse d-sm-inline-flex justify-content-between">
<ul class="navbar-nav flex-grow-1">
<li class="nav-item">
<a class="nav-link text-dark" asp-area="" asp-controller="Home" asp-action="Index">Home</a>
</li>
</ul>
</div>
</div>
</nav>
</header>
<div class="container">
<main role="main" class="pb-3">
@RenderBody()
</main>
</div>
<footer class="border-top footer text-muted">
<div class="container">
&copy; 2026 - Member Center Test Site
</div>
</footer>
<script src="~/lib/jquery/dist/jquery.min.js"></script>
<script src="~/lib/bootstrap/dist/js/bootstrap.bundle.min.js"></script>
<script src="~/js/site.js" asp-append-version="true"></script>
@await RenderSectionAsync("Scripts", required: false)
</body>
</html>

48
src/MemberCenter.TestSite/Views/Shared/_Layout.cshtml.css Normal file
View File

@ -0,0 +1,48 @@
/* Please see documentation at https://learn.microsoft.com/aspnet/core/client-side/bundling-and-minification
for details on configuring this project to bundle and minify static web assets. */
a.navbar-brand {
white-space: normal;
text-align: center;
word-break: break-all;
}
a {
color: #0077cc;
}
.btn-primary {
color: #fff;
background-color: #1b6ec2;
border-color: #1861ac;
}
.nav-pills .nav-link.active, .nav-pills .show > .nav-link {
color: #fff;
background-color: #1b6ec2;
border-color: #1861ac;
}
.border-top {
border-top: 1px solid #e5e5e5;
}
.border-bottom {
border-bottom: 1px solid #e5e5e5;
}
.box-shadow {
box-shadow: 0 .25rem .75rem rgba(0, 0, 0, .05);
}
button.accept-policy {
font-size: 1rem;
line-height: inherit;
}
.footer {
position: absolute;
bottom: 0;
width: 100%;
white-space: nowrap;
line-height: 60px;
}

2
src/MemberCenter.TestSite/Views/Shared/_ValidationScriptsPartial.cshtml Normal file
View File

@ -0,0 +1,2 @@
<script src="~/lib/jquery-validation/dist/jquery.validate.min.js"></script>
<script src="~/lib/jquery-validation-unobtrusive/jquery.validate.unobtrusive.min.js"></script>

3
src/MemberCenter.TestSite/Views/_ViewImports.cshtml Normal file
View File

@ -0,0 +1,3 @@
@using MemberCenter.TestSite
@using MemberCenter.TestSite.Models
@addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers

3
src/MemberCenter.TestSite/Views/_ViewStart.cshtml Normal file
View File

@ -0,0 +1,3 @@
@{
Layout = "_Layout";
}

18
src/MemberCenter.TestSite/appsettings.json Normal file
View File

@ -0,0 +1,18 @@
{
"MemberCenter": {
"ApiBaseUrl": "http://localhost:7850",
"WebLoginClientId": "",
"WebLoginRedirectPath": "/auth/callback",
"WebLoginScopes": "openid email profile profile:basic.read profile:basic.write profile:addresses.read profile:addresses.write profile:subscriptions.read profile:subscriptions.write",
"ServiceClientId": "",
"ServiceClientSecret": "",
"ServiceScopes": "profile:basic.read profile:addresses.read"
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"AllowedHosts": "*"
}

161
src/MemberCenter.TestSite/wwwroot/css/site.css Normal file
View File

@ -0,0 +1,161 @@
html {
font-size: 14px;
}
@media (min-width: 768px) {
html {
font-size: 16px;
}
}
.btn:focus, .btn:active:focus, .btn-link.nav-link:focus, .form-control:focus, .form-check-input:focus {
box-shadow: 0 0 0 0.1rem white, 0 0 0 0.25rem #258cfb;
}
html {
position: relative;
min-height: 100%;
}
body {
margin-bottom: 60px;
background:
radial-gradient(circle at top left, rgba(25, 135, 84, 0.12), transparent 30rem),
linear-gradient(180deg, #f7f3ec 0%, #f9faf7 100%);
color: #1f2a24;
}
.test-hero {
align-items: center;
background: #16382c;
border-radius: 28px;
color: #f7f3ec;
display: flex;
gap: 2rem;
justify-content: space-between;
margin: 2rem 0;
padding: 2rem;
}
.test-hero h1 {
font-size: clamp(2rem, 5vw, 4rem);
line-height: 0.95;
margin: 0;
max-width: 760px;
}
.test-hero p {
margin-bottom: 0;
max-width: 760px;
}
.eyebrow {
color: #ffc857;
font-size: 0.8rem;
font-weight: 700;
letter-spacing: 0.12em;
text-transform: uppercase;
}
.grid {
display: grid;
gap: 1rem;
grid-template-columns: repeat(auto-fit, minmax(260px, 1fr));
}
.card {
background: rgba(255, 255, 255, 0.9);
border: 1px solid rgba(22, 56, 44, 0.12);
border-radius: 22px;
box-shadow: 0 20px 50px rgba(22, 56, 44, 0.08);
margin-bottom: 1rem;
padding: 1.25rem;
}
.card h2 {
font-size: 1.2rem;
margin-bottom: 1rem;
}
label,
dt {
color: #53645d;
display: block;
font-size: 0.78rem;
font-weight: 700;
letter-spacing: 0.06em;
margin-top: 0.75rem;
text-transform: uppercase;
}
dd {
margin-left: 0;
overflow-wrap: anywhere;
}
input {
border: 1px solid #cdd7d1;
border-radius: 12px;
display: block;
margin-top: 0.25rem;
padding: 0.65rem 0.75rem;
width: 100%;
}
button {
background: #236b52;
border: 0;
border-radius: 999px;
color: white;
font-weight: 700;
margin-top: 1rem;
padding: 0.65rem 1rem;
}
button:hover {
background: #1a533f;
}
button.danger {
background: #b9472f;
}
.actions {
display: flex;
flex-wrap: wrap;
gap: 0.75rem;
}
.actions form,
.inline-form {
margin: 0;
}
.inline-form {
align-items: end;
display: grid;
gap: 0.75rem;
grid-template-columns: minmax(220px, 1fr) auto;
margin-top: 1rem;
}
.inline-form label {
grid-column: 1 / -1;
}
.response-card pre {
background: #10241d;
border-radius: 18px;
color: #dcf7ea;
max-height: 520px;
overflow: auto;
padding: 1rem;
white-space: pre-wrap;
}
@media (max-width: 700px) {
.test-hero,
.inline-form {
display: block;
}
}

BIN
src/MemberCenter.TestSite/wwwroot/favicon.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.3 KiB

4
src/MemberCenter.TestSite/wwwroot/js/site.js Normal file
View File

@ -0,0 +1,4 @@
// Please see documentation at https://learn.microsoft.com/aspnet/core/client-side/bundling-and-minification
// for details on configuring this project to bundle and minify static web assets.
// Write your JavaScript code.

22
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/LICENSE Normal file
View File

@ -0,0 +1,22 @@
The MIT License (MIT)
Copyright (c) 2011-2021 Twitter, Inc.
Copyright (c) 2011-2021 The Bootstrap Authors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

4997
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-grid.css vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-grid.css.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

7
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-grid.min.css vendored Normal file
View File

File diff suppressed because one or more lines are too long

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-grid.min.css.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

4996
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-grid.rtl.css vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-grid.rtl.css.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

7
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-grid.rtl.min.css vendored Normal file
View File

File diff suppressed because one or more lines are too long

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-grid.rtl.min.css.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

427
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-reboot.css vendored Normal file
View File

@ -0,0 +1,427 @@
/*!
* Bootstrap Reboot v5.1.0 (https://getbootstrap.com/)
* Copyright 2011-2021 The Bootstrap Authors
* Copyright 2011-2021 Twitter, Inc.
* Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE)
* Forked from Normalize.css, licensed MIT (https://github.com/necolas/normalize.css/blob/master/LICENSE.md)
*/
*,
*::before,
*::after {
box-sizing: border-box;
}
@media (prefers-reduced-motion: no-preference) {
:root {
scroll-behavior: smooth;
}
}
body {
margin: 0;
font-family: var(--bs-body-font-family);
font-size: var(--bs-body-font-size);
font-weight: var(--bs-body-font-weight);
line-height: var(--bs-body-line-height);
color: var(--bs-body-color);
text-align: var(--bs-body-text-align);
background-color: var(--bs-body-bg);
-webkit-text-size-adjust: 100%;
-webkit-tap-highlight-color: rgba(0, 0, 0, 0);
}
hr {
margin: 1rem 0;
color: inherit;
background-color: currentColor;
border: 0;
opacity: 0.25;
}
hr:not([size]) {
height: 1px;
}
h6, h5, h4, h3, h2, h1 {
margin-top: 0;
margin-bottom: 0.5rem;
font-weight: 500;
line-height: 1.2;
}
h1 {
font-size: calc(1.375rem + 1.5vw);
}
@media (min-width: 1200px) {
h1 {
font-size: 2.5rem;
}
}
h2 {
font-size: calc(1.325rem + 0.9vw);
}
@media (min-width: 1200px) {
h2 {
font-size: 2rem;
}
}
h3 {
font-size: calc(1.3rem + 0.6vw);
}
@media (min-width: 1200px) {
h3 {
font-size: 1.75rem;
}
}
h4 {
font-size: calc(1.275rem + 0.3vw);
}
@media (min-width: 1200px) {
h4 {
font-size: 1.5rem;
}
}
h5 {
font-size: 1.25rem;
}
h6 {
font-size: 1rem;
}
p {
margin-top: 0;
margin-bottom: 1rem;
}
abbr[title],
abbr[data-bs-original-title] {
-webkit-text-decoration: underline dotted;
text-decoration: underline dotted;
cursor: help;
-webkit-text-decoration-skip-ink: none;
text-decoration-skip-ink: none;
}
address {
margin-bottom: 1rem;
font-style: normal;
line-height: inherit;
}
ol,
ul {
padding-left: 2rem;
}
ol,
ul,
dl {
margin-top: 0;
margin-bottom: 1rem;
}
ol ol,
ul ul,
ol ul,
ul ol {
margin-bottom: 0;
}
dt {
font-weight: 700;
}
dd {
margin-bottom: 0.5rem;
margin-left: 0;
}
blockquote {
margin: 0 0 1rem;
}
b,
strong {
font-weight: bolder;
}
small {
font-size: 0.875em;
}
mark {
padding: 0.2em;
background-color: #fcf8e3;
}
sub,
sup {
position: relative;
font-size: 0.75em;
line-height: 0;
vertical-align: baseline;
}
sub {
bottom: -0.25em;
}
sup {
top: -0.5em;
}
a {
color: #0d6efd;
text-decoration: underline;
}
a:hover {
color: #0a58ca;
}
a:not([href]):not([class]), a:not([href]):not([class]):hover {
color: inherit;
text-decoration: none;
}
pre,
code,
kbd,
samp {
font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;
font-size: 1em;
direction: ltr /* rtl:ignore */;
unicode-bidi: bidi-override;
}
pre {
display: block;
margin-top: 0;
margin-bottom: 1rem;
overflow: auto;
font-size: 0.875em;
}
pre code {
font-size: inherit;
color: inherit;
word-break: normal;
}
code {
font-size: 0.875em;
color: #d63384;
word-wrap: break-word;
}
a > code {
color: inherit;
}
kbd {
padding: 0.2rem 0.4rem;
font-size: 0.875em;
color: #fff;
background-color: #212529;
border-radius: 0.2rem;
}
kbd kbd {
padding: 0;
font-size: 1em;
font-weight: 700;
}
figure {
margin: 0 0 1rem;
}
img,
svg {
vertical-align: middle;
}
table {
caption-side: bottom;
border-collapse: collapse;
}
caption {
padding-top: 0.5rem;
padding-bottom: 0.5rem;
color: #6c757d;
text-align: left;
}
th {
text-align: inherit;
text-align: -webkit-match-parent;
}
thead,
tbody,
tfoot,
tr,
td,
th {
border-color: inherit;
border-style: solid;
border-width: 0;
}
label {
display: inline-block;
}
button {
border-radius: 0;
}
button:focus:not(:focus-visible) {
outline: 0;
}
input,
button,
select,
optgroup,
textarea {
margin: 0;
font-family: inherit;
font-size: inherit;
line-height: inherit;
}
button,
select {
text-transform: none;
}
[role=button] {
cursor: pointer;
}
select {
word-wrap: normal;
}
select:disabled {
opacity: 1;
}
[list]::-webkit-calendar-picker-indicator {
display: none;
}
button,
[type=button],
[type=reset],
[type=submit] {
-webkit-appearance: button;
}
button:not(:disabled),
[type=button]:not(:disabled),
[type=reset]:not(:disabled),
[type=submit]:not(:disabled) {
cursor: pointer;
}
::-moz-focus-inner {
padding: 0;
border-style: none;
}
textarea {
resize: vertical;
}
fieldset {
min-width: 0;
padding: 0;
margin: 0;
border: 0;
}
legend {
float: left;
width: 100%;
padding: 0;
margin-bottom: 0.5rem;
font-size: calc(1.275rem + 0.3vw);
line-height: inherit;
}
@media (min-width: 1200px) {
legend {
font-size: 1.5rem;
}
}
legend + * {
clear: left;
}
::-webkit-datetime-edit-fields-wrapper,
::-webkit-datetime-edit-text,
::-webkit-datetime-edit-minute,
::-webkit-datetime-edit-hour-field,
::-webkit-datetime-edit-day-field,
::-webkit-datetime-edit-month-field,
::-webkit-datetime-edit-year-field {
padding: 0;
}
::-webkit-inner-spin-button {
height: auto;
}
[type=search] {
outline-offset: -2px;
-webkit-appearance: textfield;
}
/* rtl:raw:
[type="tel"],
[type="url"],
[type="email"],
[type="number"] {
direction: ltr;
}
*/
::-webkit-search-decoration {
-webkit-appearance: none;
}
::-webkit-color-swatch-wrapper {
padding: 0;
}
::file-selector-button {
font: inherit;
}
::-webkit-file-upload-button {
font: inherit;
-webkit-appearance: button;
}
output {
display: inline-block;
}
iframe {
border: 0;
}
summary {
display: list-item;
cursor: pointer;
}
progress {
vertical-align: baseline;
}
[hidden] {
display: none !important;
}
/*# sourceMappingURL=bootstrap-reboot.css.map */

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-reboot.css.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

8
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-reboot.min.css vendored Normal file
View File

@ -0,0 +1,8 @@
/*!
* Bootstrap Reboot v5.1.0 (https://getbootstrap.com/)
* Copyright 2011-2021 The Bootstrap Authors
* Copyright 2011-2021 Twitter, Inc.
* Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE)
* Forked from Normalize.css, licensed MIT (https://github.com/necolas/normalize.css/blob/master/LICENSE.md)
*/*,::after,::before{box-sizing:border-box}@media (prefers-reduced-motion:no-preference){:root{scroll-behavior:smooth}}body{margin:0;font-family:var(--bs-body-font-family);font-size:var(--bs-body-font-size);font-weight:var(--bs-body-font-weight);line-height:var(--bs-body-line-height);color:var(--bs-body-color);text-align:var(--bs-body-text-align);background-color:var(--bs-body-bg);-webkit-text-size-adjust:100%;-webkit-tap-highlight-color:transparent}hr{margin:1rem 0;color:inherit;background-color:currentColor;border:0;opacity:.25}hr:not([size]){height:1px}h1,h2,h3,h4,h5,h6{margin-top:0;margin-bottom:.5rem;font-weight:500;line-height:1.2}h1{font-size:calc(1.375rem + 1.5vw)}@media (min-width:1200px){h1{font-size:2.5rem}}h2{font-size:calc(1.325rem + .9vw)}@media (min-width:1200px){h2{font-size:2rem}}h3{font-size:calc(1.3rem + .6vw)}@media (min-width:1200px){h3{font-size:1.75rem}}h4{font-size:calc(1.275rem + .3vw)}@media (min-width:1200px){h4{font-size:1.5rem}}h5{font-size:1.25rem}h6{font-size:1rem}p{margin-top:0;margin-bottom:1rem}abbr[data-bs-original-title],abbr[title]{-webkit-text-decoration:underline dotted;text-decoration:underline dotted;cursor:help;-webkit-text-decoration-skip-ink:none;text-decoration-skip-ink:none}address{margin-bottom:1rem;font-style:normal;line-height:inherit}ol,ul{padding-left:2rem}dl,ol,ul{margin-top:0;margin-bottom:1rem}ol ol,ol ul,ul ol,ul ul{margin-bottom:0}dt{font-weight:700}dd{margin-bottom:.5rem;margin-left:0}blockquote{margin:0 0 1rem}b,strong{font-weight:bolder}small{font-size:.875em}mark{padding:.2em;background-color:#fcf8e3}sub,sup{position:relative;font-size:.75em;line-height:0;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}a{color:#0d6efd;text-decoration:underline}a:hover{color:#0a58ca}a:not([href]):not([class]),a:not([href]):not([class]):hover{color:inherit;text-decoration:none}code,kbd,pre,samp{font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace;font-size:1em;direction:ltr;unicode-bidi:bidi-override}pre{display:block;margin-top:0;margin-bottom:1rem;overflow:auto;font-size:.875em}pre code{font-size:inherit;color:inherit;word-break:normal}code{font-size:.875em;color:#d63384;word-wrap:break-word}a>code{color:inherit}kbd{padding:.2rem .4rem;font-size:.875em;color:#fff;background-color:#212529;border-radius:.2rem}kbd kbd{padding:0;font-size:1em;font-weight:700}figure{margin:0 0 1rem}img,svg{vertical-align:middle}table{caption-side:bottom;border-collapse:collapse}caption{padding-top:.5rem;padding-bottom:.5rem;color:#6c757d;text-align:left}th{text-align:inherit;text-align:-webkit-match-parent}tbody,td,tfoot,th,thead,tr{border-color:inherit;border-style:solid;border-width:0}label{display:inline-block}button{border-radius:0}button:focus:not(:focus-visible){outline:0}button,input,optgroup,select,textarea{margin:0;font-family:inherit;font-size:inherit;line-height:inherit}button,select{text-transform:none}[role=button]{cursor:pointer}select{word-wrap:normal}select:disabled{opacity:1}[list]::-webkit-calendar-picker-indicator{display:none}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]:not(:disabled),[type=reset]:not(:disabled),[type=submit]:not(:disabled),button:not(:disabled){cursor:pointer}::-moz-focus-inner{padding:0;border-style:none}textarea{resize:vertical}fieldset{min-width:0;padding:0;margin:0;border:0}legend{float:left;width:100%;padding:0;margin-bottom:.5rem;font-size:calc(1.275rem + .3vw);line-height:inherit}@media (min-width:1200px){legend{font-size:1.5rem}}legend+*{clear:left}::-webkit-datetime-edit-day-field,::-webkit-datetime-edit-fields-wrapper,::-webkit-datetime-edit-hour-field,::-webkit-datetime-edit-minute,::-webkit-datetime-edit-month-field,::-webkit-datetime-edit-text,::-webkit-datetime-edit-year-field{padding:0}::-webkit-inner-spin-button{height:auto}[type=search]{outline-offset:-2px;-webkit-appearance:textfield}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-color-swatch-wrapper{padding:0}::file-selector-button{font:inherit}::-webkit-file-upload-button{font:inherit;-webkit-appearance:button}output{display:inline-block}iframe{border:0}summary{display:list-item;cursor:pointer}progress{vertical-align:baseline}[hidden]{display:none!important}
/*# sourceMappingURL=bootstrap-reboot.min.css.map */

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-reboot.min.css.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

424
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-reboot.rtl.css vendored Normal file
View File

@ -0,0 +1,424 @@
/*!
* Bootstrap Reboot v5.1.0 (https://getbootstrap.com/)
* Copyright 2011-2021 The Bootstrap Authors
* Copyright 2011-2021 Twitter, Inc.
* Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE)
* Forked from Normalize.css, licensed MIT (https://github.com/necolas/normalize.css/blob/master/LICENSE.md)
*/
*,
*::before,
*::after {
box-sizing: border-box;
}
@media (prefers-reduced-motion: no-preference) {
:root {
scroll-behavior: smooth;
}
}
body {
margin: 0;
font-family: var(--bs-body-font-family);
font-size: var(--bs-body-font-size);
font-weight: var(--bs-body-font-weight);
line-height: var(--bs-body-line-height);
color: var(--bs-body-color);
text-align: var(--bs-body-text-align);
background-color: var(--bs-body-bg);
-webkit-text-size-adjust: 100%;
-webkit-tap-highlight-color: rgba(0, 0, 0, 0);
}
hr {
margin: 1rem 0;
color: inherit;
background-color: currentColor;
border: 0;
opacity: 0.25;
}
hr:not([size]) {
height: 1px;
}
h6, h5, h4, h3, h2, h1 {
margin-top: 0;
margin-bottom: 0.5rem;
font-weight: 500;
line-height: 1.2;
}
h1 {
font-size: calc(1.375rem + 1.5vw);
}
@media (min-width: 1200px) {
h1 {
font-size: 2.5rem;
}
}
h2 {
font-size: calc(1.325rem + 0.9vw);
}
@media (min-width: 1200px) {
h2 {
font-size: 2rem;
}
}
h3 {
font-size: calc(1.3rem + 0.6vw);
}
@media (min-width: 1200px) {
h3 {
font-size: 1.75rem;
}
}
h4 {
font-size: calc(1.275rem + 0.3vw);
}
@media (min-width: 1200px) {
h4 {
font-size: 1.5rem;
}
}
h5 {
font-size: 1.25rem;
}
h6 {
font-size: 1rem;
}
p {
margin-top: 0;
margin-bottom: 1rem;
}
abbr[title],
abbr[data-bs-original-title] {
-webkit-text-decoration: underline dotted;
text-decoration: underline dotted;
cursor: help;
-webkit-text-decoration-skip-ink: none;
text-decoration-skip-ink: none;
}
address {
margin-bottom: 1rem;
font-style: normal;
line-height: inherit;
}
ol,
ul {
padding-right: 2rem;
}
ol,
ul,
dl {
margin-top: 0;
margin-bottom: 1rem;
}
ol ol,
ul ul,
ol ul,
ul ol {
margin-bottom: 0;
}
dt {
font-weight: 700;
}
dd {
margin-bottom: 0.5rem;
margin-right: 0;
}
blockquote {
margin: 0 0 1rem;
}
b,
strong {
font-weight: bolder;
}
small {
font-size: 0.875em;
}
mark {
padding: 0.2em;
background-color: #fcf8e3;
}
sub,
sup {
position: relative;
font-size: 0.75em;
line-height: 0;
vertical-align: baseline;
}
sub {
bottom: -0.25em;
}
sup {
top: -0.5em;
}
a {
color: #0d6efd;
text-decoration: underline;
}
a:hover {
color: #0a58ca;
}
a:not([href]):not([class]), a:not([href]):not([class]):hover {
color: inherit;
text-decoration: none;
}
pre,
code,
kbd,
samp {
font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;
font-size: 1em;
direction: ltr ;
unicode-bidi: bidi-override;
}
pre {
display: block;
margin-top: 0;
margin-bottom: 1rem;
overflow: auto;
font-size: 0.875em;
}
pre code {
font-size: inherit;
color: inherit;
word-break: normal;
}
code {
font-size: 0.875em;
color: #d63384;
word-wrap: break-word;
}
a > code {
color: inherit;
}
kbd {
padding: 0.2rem 0.4rem;
font-size: 0.875em;
color: #fff;
background-color: #212529;
border-radius: 0.2rem;
}
kbd kbd {
padding: 0;
font-size: 1em;
font-weight: 700;
}
figure {
margin: 0 0 1rem;
}
img,
svg {
vertical-align: middle;
}
table {
caption-side: bottom;
border-collapse: collapse;
}
caption {
padding-top: 0.5rem;
padding-bottom: 0.5rem;
color: #6c757d;
text-align: right;
}
th {
text-align: inherit;
text-align: -webkit-match-parent;
}
thead,
tbody,
tfoot,
tr,
td,
th {
border-color: inherit;
border-style: solid;
border-width: 0;
}
label {
display: inline-block;
}
button {
border-radius: 0;
}
button:focus:not(:focus-visible) {
outline: 0;
}
input,
button,
select,
optgroup,
textarea {
margin: 0;
font-family: inherit;
font-size: inherit;
line-height: inherit;
}
button,
select {
text-transform: none;
}
[role=button] {
cursor: pointer;
}
select {
word-wrap: normal;
}
select:disabled {
opacity: 1;
}
[list]::-webkit-calendar-picker-indicator {
display: none;
}
button,
[type=button],
[type=reset],
[type=submit] {
-webkit-appearance: button;
}
button:not(:disabled),
[type=button]:not(:disabled),
[type=reset]:not(:disabled),
[type=submit]:not(:disabled) {
cursor: pointer;
}
::-moz-focus-inner {
padding: 0;
border-style: none;
}
textarea {
resize: vertical;
}
fieldset {
min-width: 0;
padding: 0;
margin: 0;
border: 0;
}
legend {
float: right;
width: 100%;
padding: 0;
margin-bottom: 0.5rem;
font-size: calc(1.275rem + 0.3vw);
line-height: inherit;
}
@media (min-width: 1200px) {
legend {
font-size: 1.5rem;
}
}
legend + * {
clear: right;
}
::-webkit-datetime-edit-fields-wrapper,
::-webkit-datetime-edit-text,
::-webkit-datetime-edit-minute,
::-webkit-datetime-edit-hour-field,
::-webkit-datetime-edit-day-field,
::-webkit-datetime-edit-month-field,
::-webkit-datetime-edit-year-field {
padding: 0;
}
::-webkit-inner-spin-button {
height: auto;
}
[type=search] {
outline-offset: -2px;
-webkit-appearance: textfield;
}
[type="tel"],
[type="url"],
[type="email"],
[type="number"] {
direction: ltr;
}
::-webkit-search-decoration {
-webkit-appearance: none;
}
::-webkit-color-swatch-wrapper {
padding: 0;
}
::file-selector-button {
font: inherit;
}
::-webkit-file-upload-button {
font: inherit;
-webkit-appearance: button;
}
output {
display: inline-block;
}
iframe {
border: 0;
}
summary {
display: list-item;
cursor: pointer;
}
progress {
vertical-align: baseline;
}
[hidden] {
display: none !important;
}
/*# sourceMappingURL=bootstrap-reboot.rtl.css.map */

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-reboot.rtl.css.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

8
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-reboot.rtl.min.css vendored Normal file
View File

@ -0,0 +1,8 @@
/*!
* Bootstrap Reboot v5.1.0 (https://getbootstrap.com/)
* Copyright 2011-2021 The Bootstrap Authors
* Copyright 2011-2021 Twitter, Inc.
* Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE)
* Forked from Normalize.css, licensed MIT (https://github.com/necolas/normalize.css/blob/master/LICENSE.md)
*/*,::after,::before{box-sizing:border-box}@media (prefers-reduced-motion:no-preference){:root{scroll-behavior:smooth}}body{margin:0;font-family:var(--bs-body-font-family);font-size:var(--bs-body-font-size);font-weight:var(--bs-body-font-weight);line-height:var(--bs-body-line-height);color:var(--bs-body-color);text-align:var(--bs-body-text-align);background-color:var(--bs-body-bg);-webkit-text-size-adjust:100%;-webkit-tap-highlight-color:transparent}hr{margin:1rem 0;color:inherit;background-color:currentColor;border:0;opacity:.25}hr:not([size]){height:1px}h1,h2,h3,h4,h5,h6{margin-top:0;margin-bottom:.5rem;font-weight:500;line-height:1.2}h1{font-size:calc(1.375rem + 1.5vw)}@media (min-width:1200px){h1{font-size:2.5rem}}h2{font-size:calc(1.325rem + .9vw)}@media (min-width:1200px){h2{font-size:2rem}}h3{font-size:calc(1.3rem + .6vw)}@media (min-width:1200px){h3{font-size:1.75rem}}h4{font-size:calc(1.275rem + .3vw)}@media (min-width:1200px){h4{font-size:1.5rem}}h5{font-size:1.25rem}h6{font-size:1rem}p{margin-top:0;margin-bottom:1rem}abbr[data-bs-original-title],abbr[title]{-webkit-text-decoration:underline dotted;text-decoration:underline dotted;cursor:help;-webkit-text-decoration-skip-ink:none;text-decoration-skip-ink:none}address{margin-bottom:1rem;font-style:normal;line-height:inherit}ol,ul{padding-right:2rem}dl,ol,ul{margin-top:0;margin-bottom:1rem}ol ol,ol ul,ul ol,ul ul{margin-bottom:0}dt{font-weight:700}dd{margin-bottom:.5rem;margin-right:0}blockquote{margin:0 0 1rem}b,strong{font-weight:bolder}small{font-size:.875em}mark{padding:.2em;background-color:#fcf8e3}sub,sup{position:relative;font-size:.75em;line-height:0;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}a{color:#0d6efd;text-decoration:underline}a:hover{color:#0a58ca}a:not([href]):not([class]),a:not([href]):not([class]):hover{color:inherit;text-decoration:none}code,kbd,pre,samp{font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace;font-size:1em;direction:ltr;unicode-bidi:bidi-override}pre{display:block;margin-top:0;margin-bottom:1rem;overflow:auto;font-size:.875em}pre code{font-size:inherit;color:inherit;word-break:normal}code{font-size:.875em;color:#d63384;word-wrap:break-word}a>code{color:inherit}kbd{padding:.2rem .4rem;font-size:.875em;color:#fff;background-color:#212529;border-radius:.2rem}kbd kbd{padding:0;font-size:1em;font-weight:700}figure{margin:0 0 1rem}img,svg{vertical-align:middle}table{caption-side:bottom;border-collapse:collapse}caption{padding-top:.5rem;padding-bottom:.5rem;color:#6c757d;text-align:right}th{text-align:inherit;text-align:-webkit-match-parent}tbody,td,tfoot,th,thead,tr{border-color:inherit;border-style:solid;border-width:0}label{display:inline-block}button{border-radius:0}button:focus:not(:focus-visible){outline:0}button,input,optgroup,select,textarea{margin:0;font-family:inherit;font-size:inherit;line-height:inherit}button,select{text-transform:none}[role=button]{cursor:pointer}select{word-wrap:normal}select:disabled{opacity:1}[list]::-webkit-calendar-picker-indicator{display:none}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]:not(:disabled),[type=reset]:not(:disabled),[type=submit]:not(:disabled),button:not(:disabled){cursor:pointer}::-moz-focus-inner{padding:0;border-style:none}textarea{resize:vertical}fieldset{min-width:0;padding:0;margin:0;border:0}legend{float:right;width:100%;padding:0;margin-bottom:.5rem;font-size:calc(1.275rem + .3vw);line-height:inherit}@media (min-width:1200px){legend{font-size:1.5rem}}legend+*{clear:right}::-webkit-datetime-edit-day-field,::-webkit-datetime-edit-fields-wrapper,::-webkit-datetime-edit-hour-field,::-webkit-datetime-edit-minute,::-webkit-datetime-edit-month-field,::-webkit-datetime-edit-text,::-webkit-datetime-edit-year-field{padding:0}::-webkit-inner-spin-button{height:auto}[type=search]{outline-offset:-2px;-webkit-appearance:textfield}[type=email],[type=number],[type=tel],[type=url]{direction:ltr}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-color-swatch-wrapper{padding:0}::file-selector-button{font:inherit}::-webkit-file-upload-button{font:inherit;-webkit-appearance:button}output{display:inline-block}iframe{border:0}summary{display:list-item;cursor:pointer}progress{vertical-align:baseline}[hidden]{display:none!important}
/*# sourceMappingURL=bootstrap-reboot.rtl.min.css.map */

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-reboot.rtl.min.css.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

4866
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-utilities.css vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-utilities.css.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

7
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-utilities.min.css vendored Normal file
View File

File diff suppressed because one or more lines are too long

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-utilities.min.css.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

4857
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-utilities.rtl.css vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-utilities.rtl.css.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

7
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-utilities.rtl.min.css vendored Normal file
View File

File diff suppressed because one or more lines are too long

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap-utilities.rtl.min.css.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

11221
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap.css vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap.css.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

7
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap.min.css vendored Normal file
View File

File diff suppressed because one or more lines are too long

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap.min.css.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

11197
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap.rtl.css vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap.rtl.css.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

7
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap.rtl.min.css vendored Normal file
View File

File diff suppressed because one or more lines are too long

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/css/bootstrap.rtl.min.css.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

6780
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/js/bootstrap.bundle.js vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/js/bootstrap.bundle.js.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

7
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/js/bootstrap.bundle.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/js/bootstrap.bundle.min.js.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

4977
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/js/bootstrap.esm.js vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/js/bootstrap.esm.js.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

7
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/js/bootstrap.esm.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/js/bootstrap.esm.min.js.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

5026
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/js/bootstrap.js vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/js/bootstrap.js.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

7
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/js/bootstrap.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

1
src/MemberCenter.TestSite/wwwroot/lib/bootstrap/dist/js/bootstrap.min.js.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

23
src/MemberCenter.TestSite/wwwroot/lib/jquery-validation-unobtrusive/LICENSE.txt Normal file
View File

@ -0,0 +1,23 @@
The MIT License (MIT)
Copyright (c) .NET Foundation and Contributors
All rights reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

435
src/MemberCenter.TestSite/wwwroot/lib/jquery-validation-unobtrusive/jquery.validate.unobtrusive.js vendored Normal file
View File

@ -0,0 +1,435 @@
/**
* @license
* Unobtrusive validation support library for jQuery and jQuery Validate
* Copyright (c) .NET Foundation. All rights reserved.
* Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
* @version v4.0.0
*/
/*jslint white: true, browser: true, onevar: true, undef: true, nomen: true, eqeqeq: true, plusplus: true, bitwise: true, regexp: true, newcap: true, immed: true, strict: false */
/*global document: false, jQuery: false */
(function (factory) {
if (typeof define === 'function' && define.amd) {
// AMD. Register as an anonymous module.
define("jquery.validate.unobtrusive", ['jquery-validation'], factory);
} else if (typeof module === 'object' && module.exports) {
// CommonJS-like environments that support module.exports
module.exports = factory(require('jquery-validation'));
} else {
// Browser global
jQuery.validator.unobtrusive = factory(jQuery);
}
}(function ($) {
var $jQval = $.validator,
adapters,
data_validation = "unobtrusiveValidation";
function setValidationValues(options, ruleName, value) {
options.rules[ruleName] = value;
if (options.message) {
options.messages[ruleName] = options.message;
}
}
function splitAndTrim(value) {
return value.replace(/^\s+|\s+$/g, "").split(/\s*,\s*/g);
}
function escapeAttributeValue(value) {
// As mentioned on http://api.jquery.com/category/selectors/
return value.replace(/([!"#$%&'()*+,./:;<=>?@\[\\\]^`{|}~])/g, "\\$1");
}
function getModelPrefix(fieldName) {
return fieldName.substr(0, fieldName.lastIndexOf(".") + 1);
}
function appendModelPrefix(value, prefix) {
if (value.indexOf("*.") === 0) {
value = value.replace("*.", prefix);
}
return value;
}
function onError(error, inputElement) { // 'this' is the form element
var container = $(this).find("[data-valmsg-for='" + escapeAttributeValue(inputElement[0].name) + "']"),
replaceAttrValue = container.attr("data-valmsg-replace"),
replace = replaceAttrValue ? $.parseJSON(replaceAttrValue) !== false : null;
container.removeClass("field-validation-valid").addClass("field-validation-error");
error.data("unobtrusiveContainer", container);
if (replace) {
container.empty();
error.removeClass("input-validation-error").appendTo(container);
}
else {
error.hide();
}
}
function onErrors(event, validator) { // 'this' is the form element
var container = $(this).find("[data-valmsg-summary=true]"),
list = container.find("ul");
if (list && list.length && validator.errorList.length) {
list.empty();
container.addClass("validation-summary-errors").removeClass("validation-summary-valid");
$.each(validator.errorList, function () {
$("<li />").html(this.message).appendTo(list);
});
}
}
function onSuccess(error) { // 'this' is the form element
var container = error.data("unobtrusiveContainer");
if (container) {
var replaceAttrValue = container.attr("data-valmsg-replace"),
replace = replaceAttrValue ? $.parseJSON(replaceAttrValue) : null;
container.addClass("field-validation-valid").removeClass("field-validation-error");
error.removeData("unobtrusiveContainer");
if (replace) {
container.empty();
}
}
}
function onReset(event) { // 'this' is the form element
var $form = $(this),
key = '__jquery_unobtrusive_validation_form_reset';
if ($form.data(key)) {
return;
}
// Set a flag that indicates we're currently resetting the form.
$form.data(key, true);
try {
$form.data("validator").resetForm();
} finally {
$form.removeData(key);
}
$form.find(".validation-summary-errors")
.addClass("validation-summary-valid")
.removeClass("validation-summary-errors");
$form.find(".field-validation-error")
.addClass("field-validation-valid")
.removeClass("field-validation-error")
.removeData("unobtrusiveContainer")
.find(">*") // If we were using valmsg-replace, get the underlying error
.removeData("unobtrusiveContainer");
}
function validationInfo(form) {
var $form = $(form),
result = $form.data(data_validation),
onResetProxy = $.proxy(onReset, form),
defaultOptions = $jQval.unobtrusive.options || {},
execInContext = function (name, args) {
var func = defaultOptions[name];
func && $.isFunction(func) && func.apply(form, args);
};
if (!result) {
result = {
options: { // options structure passed to jQuery Validate's validate() method
errorClass: defaultOptions.errorClass || "input-validation-error",
errorElement: defaultOptions.errorElement || "span",
errorPlacement: function () {
onError.apply(form, arguments);
execInContext("errorPlacement", arguments);
},
invalidHandler: function () {
onErrors.apply(form, arguments);
execInContext("invalidHandler", arguments);
},
messages: {},
rules: {},
success: function () {
onSuccess.apply(form, arguments);
execInContext("success", arguments);
}
},
attachValidation: function () {
$form
.off("reset." + data_validation, onResetProxy)
.on("reset." + data_validation, onResetProxy)
.validate(this.options);
},
validate: function () { // a validation function that is called by unobtrusive Ajax
$form.validate();
return $form.valid();
}
};
$form.data(data_validation, result);
}
return result;
}
$jQval.unobtrusive = {
adapters: [],
parseElement: function (element, skipAttach) {
/// <summary>
/// Parses a single HTML element for unobtrusive validation attributes.
/// </summary>
/// <param name="element" domElement="true">The HTML element to be parsed.</param>
/// <param name="skipAttach" type="Boolean">[Optional] true to skip attaching the
/// validation to the form. If parsing just this single element, you should specify true.
/// If parsing several elements, you should specify false, and manually attach the validation
/// to the form when you are finished. The default is false.</param>
var $element = $(element),
form = $element.parents("form")[0],
valInfo, rules, messages;
if (!form) { // Cannot do client-side validation without a form
return;
}
valInfo = validationInfo(form);
valInfo.options.rules[element.name] = rules = {};
valInfo.options.messages[element.name] = messages = {};
$.each(this.adapters, function () {
var prefix = "data-val-" + this.name,
message = $element.attr(prefix),
paramValues = {};
if (message !== undefined) { // Compare against undefined, because an empty message is legal (and falsy)
prefix += "-";
$.each(this.params, function () {
paramValues[this] = $element.attr(prefix + this);
});
this.adapt({
element: element,
form: form,
message: message,
params: paramValues,
rules: rules,
messages: messages
});
}
});
$.extend(rules, { "__dummy__": true });
if (!skipAttach) {
valInfo.attachValidation();
}
},
parse: function (selector) {
/// <summary>
/// Parses all the HTML elements in the specified selector. It looks for input elements decorated
/// with the [data-val=true] attribute value and enables validation according to the data-val-*
/// attribute values.
/// </summary>
/// <param name="selector" type="String">Any valid jQuery selector.</param>
// $forms includes all forms in selector's DOM hierarchy (parent, children and self) that have at least one
// element with data-val=true
var $selector = $(selector),
$forms = $selector.parents()
.addBack()
.filter("form")
.add($selector.find("form"))
.has("[data-val=true]");
$selector.find("[data-val=true]").each(function () {
$jQval.unobtrusive.parseElement(this, true);
});
$forms.each(function () {
var info = validationInfo(this);
if (info) {
info.attachValidation();
}
});
}
};
adapters = $jQval.unobtrusive.adapters;
adapters.add = function (adapterName, params, fn) {
/// <summary>Adds a new adapter to convert unobtrusive HTML into a jQuery Validate validation.</summary>
/// <param name="adapterName" type="String">The name of the adapter to be added. This matches the name used
/// in the data-val-nnnn HTML attribute (where nnnn is the adapter name).</param>
/// <param name="params" type="Array" optional="true">[Optional] An array of parameter names (strings) that will
/// be extracted from the data-val-nnnn-mmmm HTML attributes (where nnnn is the adapter name, and
/// mmmm is the parameter name).</param>
/// <param name="fn" type="Function">The function to call, which adapts the values from the HTML
/// attributes into jQuery Validate rules and/or messages.</param>
/// <returns type="jQuery.validator.unobtrusive.adapters" />
if (!fn) { // Called with no params, just a function
fn = params;
params = [];
}
this.push({ name: adapterName, params: params, adapt: fn });
return this;
};
adapters.addBool = function (adapterName, ruleName) {
/// <summary>Adds a new adapter to convert unobtrusive HTML into a jQuery Validate validation, where
/// the jQuery Validate validation rule has no parameter values.</summary>
/// <param name="adapterName" type="String">The name of the adapter to be added. This matches the name used
/// in the data-val-nnnn HTML attribute (where nnnn is the adapter name).</param>
/// <param name="ruleName" type="String" optional="true">[Optional] The name of the jQuery Validate rule. If not provided, the value
/// of adapterName will be used instead.</param>
/// <returns type="jQuery.validator.unobtrusive.adapters" />
return this.add(adapterName, function (options) {
setValidationValues(options, ruleName || adapterName, true);
});
};
adapters.addMinMax = function (adapterName, minRuleName, maxRuleName, minMaxRuleName, minAttribute, maxAttribute) {
/// <summary>Adds a new adapter to convert unobtrusive HTML into a jQuery Validate validation, where
/// the jQuery Validate validation has three potential rules (one for min-only, one for max-only, and
/// one for min-and-max). The HTML parameters are expected to be named -min and -max.</summary>
/// <param name="adapterName" type="String">The name of the adapter to be added. This matches the name used
/// in the data-val-nnnn HTML attribute (where nnnn is the adapter name).</param>
/// <param name="minRuleName" type="String">The name of the jQuery Validate rule to be used when you only
/// have a minimum value.</param>
/// <param name="maxRuleName" type="String">The name of the jQuery Validate rule to be used when you only
/// have a maximum value.</param>
/// <param name="minMaxRuleName" type="String">The name of the jQuery Validate rule to be used when you
/// have both a minimum and maximum value.</param>
/// <param name="minAttribute" type="String" optional="true">[Optional] The name of the HTML attribute that
/// contains the minimum value. The default is "min".</param>
/// <param name="maxAttribute" type="String" optional="true">[Optional] The name of the HTML attribute that
/// contains the maximum value. The default is "max".</param>
/// <returns type="jQuery.validator.unobtrusive.adapters" />
return this.add(adapterName, [minAttribute || "min", maxAttribute || "max"], function (options) {
var min = options.params.min,
max = options.params.max;
if (min && max) {
setValidationValues(options, minMaxRuleName, [min, max]);
}
else if (min) {
setValidationValues(options, minRuleName, min);
}
else if (max) {
setValidationValues(options, maxRuleName, max);
}
});
};
adapters.addSingleVal = function (adapterName, attribute, ruleName) {
/// <summary>Adds a new adapter to convert unobtrusive HTML into a jQuery Validate validation, where
/// the jQuery Validate validation rule has a single value.</summary>
/// <param name="adapterName" type="String">The name of the adapter to be added. This matches the name used
/// in the data-val-nnnn HTML attribute(where nnnn is the adapter name).</param>
/// <param name="attribute" type="String">[Optional] The name of the HTML attribute that contains the value.
/// The default is "val".</param>
/// <param name="ruleName" type="String" optional="true">[Optional] The name of the jQuery Validate rule. If not provided, the value
/// of adapterName will be used instead.</param>
/// <returns type="jQuery.validator.unobtrusive.adapters" />
return this.add(adapterName, [attribute || "val"], function (options) {
setValidationValues(options, ruleName || adapterName, options.params[attribute]);
});
};
$jQval.addMethod("__dummy__", function (value, element, params) {
return true;
});
$jQval.addMethod("regex", function (value, element, params) {
var match;
if (this.optional(element)) {
return true;
}
match = new RegExp(params).exec(value);
return (match && (match.index === 0) && (match[0].length === value.length));
});
$jQval.addMethod("nonalphamin", function (value, element, nonalphamin) {
var match;
if (nonalphamin) {
match = value.match(/\W/g);
match = match && match.length >= nonalphamin;
}
return match;
});
if ($jQval.methods.extension) {
adapters.addSingleVal("accept", "mimtype");
adapters.addSingleVal("extension", "extension");
} else {
// for backward compatibility, when the 'extension' validation method does not exist, such as with versions
// of JQuery Validation plugin prior to 1.10, we should use the 'accept' method for
// validating the extension, and ignore mime-type validations as they are not supported.
adapters.addSingleVal("extension", "extension", "accept");
}
adapters.addSingleVal("regex", "pattern");
adapters.addBool("creditcard").addBool("date").addBool("digits").addBool("email").addBool("number").addBool("url");
adapters.addMinMax("length", "minlength", "maxlength", "rangelength").addMinMax("range", "min", "max", "range");
adapters.addMinMax("minlength", "minlength").addMinMax("maxlength", "minlength", "maxlength");
adapters.add("equalto", ["other"], function (options) {
var prefix = getModelPrefix(options.element.name),
other = options.params.other,
fullOtherName = appendModelPrefix(other, prefix),
element = $(options.form).find(":input").filter("[name='" + escapeAttributeValue(fullOtherName) + "']")[0];
setValidationValues(options, "equalTo", element);
});
adapters.add("required", function (options) {
// jQuery Validate equates "required" with "mandatory" for checkbox elements
if (options.element.tagName.toUpperCase() !== "INPUT" || options.element.type.toUpperCase() !== "CHECKBOX") {
setValidationValues(options, "required", true);
}
});
adapters.add("remote", ["url", "type", "additionalfields"], function (options) {
var value = {
url: options.params.url,
type: options.params.type || "GET",
data: {}
},
prefix = getModelPrefix(options.element.name);
$.each(splitAndTrim(options.params.additionalfields || options.element.name), function (i, fieldName) {
var paramName = appendModelPrefix(fieldName, prefix);
value.data[paramName] = function () {
var field = $(options.form).find(":input").filter("[name='" + escapeAttributeValue(paramName) + "']");
// For checkboxes and radio buttons, only pick up values from checked fields.
if (field.is(":checkbox")) {
return field.filter(":checked").val() || field.filter(":hidden").val() || '';
}
else if (field.is(":radio")) {
return field.filter(":checked").val() || '';
}
return field.val();
};
});
setValidationValues(options, "remote", value);
});
adapters.add("password", ["min", "nonalphamin", "regex"], function (options) {
if (options.params.min) {
setValidationValues(options, "minlength", options.params.min);
}
if (options.params.nonalphamin) {
setValidationValues(options, "nonalphamin", options.params.nonalphamin);
}
if (options.params.regex) {
setValidationValues(options, "regex", options.params.regex);
}
});
adapters.add("fileextensions", ["extensions"], function (options) {
setValidationValues(options, "extension", options.params.extensions);
});
$(function () {
$jQval.unobtrusive.parse(document);
});
return $jQval.unobtrusive;
}));

8
src/MemberCenter.TestSite/wwwroot/lib/jquery-validation-unobtrusive/jquery.validate.unobtrusive.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

22
src/MemberCenter.TestSite/wwwroot/lib/jquery-validation/LICENSE.md Normal file
View File

@ -0,0 +1,22 @@
The MIT License (MIT)
=====================
Copyright Jörn Zaefferer
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

1512
src/MemberCenter.TestSite/wwwroot/lib/jquery-validation/dist/additional-methods.js vendored Normal file
View File

File diff suppressed because it is too large Load Diff

4
src/MemberCenter.TestSite/wwwroot/lib/jquery-validation/dist/additional-methods.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

1661
src/MemberCenter.TestSite/wwwroot/lib/jquery-validation/dist/jquery.validate.js vendored Normal file
View File

File diff suppressed because it is too large Load Diff

4
src/MemberCenter.TestSite/wwwroot/lib/jquery-validation/dist/jquery.validate.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

21
src/MemberCenter.TestSite/wwwroot/lib/jquery/LICENSE.txt Normal file
View File

@ -0,0 +1,21 @@
Copyright OpenJS Foundation and other contributors, https://openjsf.org/
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

10881
src/MemberCenter.TestSite/wwwroot/lib/jquery/dist/jquery.js vendored Normal file
View File

File diff suppressed because it is too large Load Diff

Some files were not shown because too many files have changed in this diff Show More