5 files changed, 49 insertions, 0 deletions
diff --git a/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs b/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs index ed703ed..6d875b4 100644 --- a/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs +++ b/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs @@ -226,11 +226,32 @@ } } + [Authorize, AcceptVerbs(HttpVerbs.Delete)] // ValidateAntiForgeryToken would be GREAT here, but it's not a FORM POST operation so that doesn't work. + public ActionResult RevokeToken(string token) { + if (String.IsNullOrEmpty(token)) { + throw new ArgumentNullException("token"); + } + + var tokenEntity = Database.DataContext.IssuedTokens.OfType<IssuedAccessToken>().Where(t => t.User.UserId == Database.LoggedInUser.UserId && t.Token == token).FirstOrDefault(); + if (tokenEntity == null) { + throw new ArgumentOutOfRangeException("id", "The logged in user does not have a token with this name to revoke."); + } + + Database.DataContext.DeleteObject(tokenEntity); + Database.DataContext.SaveChanges(); // make changes now so the model we fill up reflects the change + + return PartialView("AuthorizedApps", GetAccountInfoModel()); + } + private static AccountInfoModel GetAccountInfoModel() { + var authorizedApps = from token in Database.DataContext.IssuedTokens.OfType<IssuedAccessToken>() + where token.User.UserId == Database.LoggedInUser.UserId + select new AccountInfoModel.AuthorizedApp { AppName = token.Consumer.Name, Token = token.Token }; var model = new AccountInfoModel { FirstName = Database.LoggedInUser.FirstName, LastName = Database.LoggedInUser.LastName, EmailAddress = Database.LoggedInUser.EmailAddress, + AuthorizedApps = authorizedApps.ToList(), }; return model; } diff --git a/projecttemplates/MvcRelyingParty/Models/AccountInfoModel.cs b/projecttemplates/MvcRelyingParty/Models/AccountInfoModel.cs index 04fda47..fbd0ae7 100644 --- a/projecttemplates/MvcRelyingParty/Models/AccountInfoModel.cs 
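Review bot: RevokeToken changes state with only `[Authorize]` and the DELETE verb as protection, and its own inline comment concedes that no anti-forgery check is in place. Whether the verb restriction is enough depends on how the MVC version in use resolves the request method; if it honours a method override on POST requests, a cross-site form post could reach this action. That should be confirmed, and if so an anti-forgery value should be sent with the Ajax request (for example in a request header) and validated in the action. Separately, the `ArgumentOutOfRangeException` names the parameter `"id"` although the action's parameter is `token`; `throw new ArgumentOutOfRangeException("token", "...")` would match. Both throws also surface bad input as an unhandled exception rather than an explicit 400/404 result, which is worth a short comment if the view's OnFailure handler is meant to rely on it.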
+++ b/projecttemplates/MvcRelyingParty/Models/AccountInfoModel.cs @@ -10,5 +10,13 @@ public string LastName { get; set; } public string EmailAddress { get; set; } + + public IList<AuthorizedApp> AuthorizedApps { get; set; } + + public class AuthorizedApp { + public string Token { get; set; } + + public string AppName { get; set; } + } } } diff --git a/projecttemplates/MvcRelyingParty/MvcRelyingParty.csproj b/projecttemplates/MvcRelyingParty/MvcRelyingParty.csproj index ad26174..4c9dab7 100644 --- a/projecttemplates/MvcRelyingParty/MvcRelyingParty.csproj +++ b/projecttemplates/MvcRelyingParty/MvcRelyingParty.csproj @@ -128,6 +128,7 @@ <Content Include="OAuth.ashx" /> <Content Include="Views\Account\Authorize.aspx" /> <Content Include="Views\Account\AuthorizeApproved.aspx" /> + <Content Include="Views\Account\AuthorizedApps.ascx" /> <Content Include="Views\Account\AuthorizeDenied.aspx" /> </ItemGroup> <ItemGroup> diff --git a/projecttemplates/MvcRelyingParty/Views/Account/AuthorizedApps.ascx b/projecttemplates/MvcRelyingParty/Views/Account/AuthorizedApps.ascx new file mode 100644 index 0000000..57c2b1a --- /dev/null +++ b/projecttemplates/MvcRelyingParty/Views/Account/AuthorizedApps.ascx @@ -0,0 +1,15 @@ +<%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl<MvcRelyingParty.Models.AccountInfoModel>" %> +<h3> + Authorized applications +</h3> +<% if (Model.AuthorizedApps.Count == 0) { %> +<p> + You have not authorized any applications or web sites to access your data. +</p> +<% } else { %> + <ul> + <% foreach (var app in Model.AuthorizedApps) { %> + <li><%= Html.Encode(app.AppName) %> - <%= Ajax.ActionLink("revoke", "RevokeToken", new { token = app.Token }, new AjaxOptions { HttpMethod = "DELETE", UpdateTargetId = "authorizedApps", OnFailure = "function(e) { alert('Revoking authorization for this application failed.'); }" }) %></li> + <% } %> + </ul> +<% } %>
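Review bot: `AuthorizedApp.Token` carries the issued access token string into the view model, and AuthorizedApps.ascx then places it in the revoke link's route values, so it ends up in page markup and request URLs. The value is filled from `token.Token` in GetAccountInfoModel in AccountController.cs. Whether the token string alone is sensitive depends on the provider's design, but URLs tend to be kept in server logs and browser history, so a non-secret row identifier would be a safer handle for revocation if the entity has one (not visible in this diff). At minimum, add a doc comment such as `/// The access token value; used only to identify the grant to revoke. Do not log.` on the property. The new members have no XML documentation at all.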
\ No newline at end of file diff --git a/projecttemplates/MvcRelyingParty/Views/Account/Edit.aspx b/projecttemplates/MvcRelyingParty/Views/Account/Edit.aspx index 38d621d..e1a1872 100644 --- a/projecttemplates/MvcRelyingParty/Views/Account/Edit.aspx +++ b/projecttemplates/MvcRelyingParty/Views/Account/Edit.aspx @@ -23,5 +23,9 @@ </div> <input type="submit" value="Save" /> <span id="updatingMessage" style="display: none">Saving...</span> + + <div id="authorizedApps"> + <% Html.RenderPartial("AuthorizedApps"); %> + </div> <% } %> </asp:Content> |
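Review bot: `Model.AuthorizedApps.Count` in the control's first code line dereferences the list without a null check. Edit.aspx renders this partial via `Html.RenderPartial("AuthorizedApps")` with no explicit model, so it inherits whatever AccountInfoModel the Edit view was given. If any path renders Edit with a model that did not come from GetAccountInfoModel (a model-bound instance after a failed save, for instance, which this diff does not show), the control will throw. Either initialise the list in the model or guard here with `<% if (Model.AuthorizedApps == null || Model.AuthorizedApps.Count == 0) { %>`.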