Add Nextcloud provider (#325)

* Add Nextcloud provider and unit test

* updated according to suggestions

* Change ClaimTypes.Name to Claims.Username

Author: zAfLu

AspNet.Security.OAuth.Providers.sln

@@ -159,6 +159,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.Odnok
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.Trakt", "src\AspNet.Security.OAuth.Trakt\AspNet.Security.OAuth.Trakt.csproj", "{5325536E-8E3A-4611-AB92-B03369493354}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.Nextcloud", "src\AspNet.Security.OAuth.Nextcloud\AspNet.Security.OAuth.Nextcloud.csproj", "{92AE059B-928C-404F-BFC6-9CA57712AB90}"
+EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AspNet.Security.OAuth.Shopify", "src\AspNet.Security.OAuth.Shopify\AspNet.Security.OAuth.Shopify.csproj", "{112F6B50-0FD3-45AA-992E-72D7B873BF00}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Mvc.Client", "samples\Mvc.Client\Mvc.Client.csproj", "{140A6CAD-FC84-4A09-A939-8A5692DF0C7C}"
@@ -385,6 +387,10 @@ Global
 		{5325536E-8E3A-4611-AB92-B03369493354}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{5325536E-8E3A-4611-AB92-B03369493354}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{5325536E-8E3A-4611-AB92-B03369493354}.Release|Any CPU.Build.0 = Release|Any CPU
+		{92AE059B-928C-404F-BFC6-9CA57712AB90}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{92AE059B-928C-404F-BFC6-9CA57712AB90}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{92AE059B-928C-404F-BFC6-9CA57712AB90}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{92AE059B-928C-404F-BFC6-9CA57712AB90}.Release|Any CPU.Build.0 = Release|Any CPU
 		{112F6B50-0FD3-45AA-992E-72D7B873BF00}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{112F6B50-0FD3-45AA-992E-72D7B873BF00}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{112F6B50-0FD3-45AA-992E-72D7B873BF00}.Release|Any CPU.ActiveCfg = Release|Any CPU
@@ -461,6 +467,7 @@ Global
 		{CC1E9908-075D-4138-852A-6EA3B5F32E88} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{27DB335F-5012-4276-98C5-EAEA335C8C7B} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{5325536E-8E3A-4611-AB92-B03369493354} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
+		{92AE059B-928C-404F-BFC6-9CA57712AB90} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{112F6B50-0FD3-45AA-992E-72D7B873BF00} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}
 		{140A6CAD-FC84-4A09-A939-8A5692DF0C7C} = {BAC7067D-88FE-4385-8AC9-1A325FFBDE69}
 		{FACB1C2F-3BF7-4DD3-958B-E471E69E214A} = {C1352FD3-AE8B-43EE-B45B-F6E0B3FBAC6D}

README.md

@@ -133,6 +133,7 @@ If a provider you're looking for does not exist, consider making a PR to add one
 | MailChimp | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.MailChimp?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.MailChimp/ "Download AspNet.Security.OAuth.MailChimp from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.MailChimp?includePreReleases=false)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.MailChimp "Download AspNet.Security.OAuth.MailChimp from MyGet.org") | [Documentation](https://developer.mailchimp.com/documentation/mailchimp/guides/how-to-use-oauth2/ "MailChimp developer documentation") |
 | MailRu | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.MailRu?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.MailRu/ "Download AspNet.Security.OAuth.MailRu from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.MailRu?includePreReleases=false)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.MailRu "Download AspNet.Security.OAuth.MailRu from MyGet.org") | [Documentation](https://o2.mail.ru/docs#web "MailRu developer documentation") |
 | Myob | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Myob?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Myob/ "Download AspNet.Security.OAuth.Myob from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Myob?includePreReleases=false)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Myob "Download AspNet.Security.OAuth.Myob from MyGet.org") | [Documentation](https://developer.myob.com/api/accountright/api-overview/authentication/ "Myob developer documentation") |
+| Nextcloud | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Nextcloud?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Nextcloud/ "Download AspNet.Security.OAuth.Nextcloud from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Nextcloud?includePreReleases=false)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Nextcloud "Download AspNet.Security.OAuth.Nextcloud from MyGet.org") | [Documentation](https://docs.nextcloud.com/server/14/admin_manual/configuration_server/oauth2.html "Nextcloud developer documentation")  [User EndPoint Documentation](https://docs.nextcloud.com/server/15/developer_manual/client_apis/OCS/index.html#user-metadata "Nextcloud developer documentation") |
 | Odnoklassniki | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Odnoklassniki?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Odnoklassniki/ "Download AspNet.Security.OAuth.Odnoklassniki from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Odnoklassniki?includePreReleases=false)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Odnoklassniki "Download AspNet.Security.OAuth.Odnoklassniki from MyGet.org") | [Documentation](https://apiok.ru/ext/oauth/server "Odnoklassniki developer documentation") |
 | Onshape | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Onshape?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Onshape/ "Download AspNet.Security.OAuth.Onshape from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Onshape?includePreReleases=false)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Onshape "Download AspNet.Security.OAuth.Onshape from MyGet.org") | N/A |
 | Patreon | [![NuGet](https://buildstats.info/nuget/AspNet.Security.OAuth.Patreon?includePreReleases=false)](https://www.nuget.org/packages/AspNet.Security.OAuth.Patreon/ "Download AspNet.Security.OAuth.Patreon from NuGet.org") | [![MyGet](https://buildstats.info/myget/aspnet-contrib/AspNet.Security.OAuth.Patreon?includePreReleases=false)](https://www.myget.org/feed/aspnet-contrib/package/nuget/AspNet.Security.OAuth.Patreon "Download AspNet.Security.OAuth.Patreon from MyGet.org") | [Documentation](https://docs.patreon.com/#oauth "Patreon developer documentation") |

src/AspNet.Security.OAuth.Nextcloud/AspNet.Security.OAuth.Nextcloud.csproj

@@ -0,0 +1,20 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <Import Project="..\..\build\packages.props" />
+
+  <PropertyGroup>
+    <TargetFramework>netstandard2.0</TargetFramework>
+  </PropertyGroup>
+
+  <PropertyGroup>
+    <Description>ASP.NET Core security middleware enabling Nextcloud authentication.</Description>
+    <Authors>Dennis "zAfLu" Everts</Authors>
+    <PackageTags>aspnetcore;authentication;oauth;security;nextcloud</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="JetBrains.Annotations" Version="$(JetBrainsVersion)" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.OAuth" Version="$(AspNetCoreVersion)" />
+  </ItemGroup>
+
+</Project>

src/AspNet.Security.OAuth.Nextcloud/NextcloudAuthenticationConstants.cs

@@ -0,0 +1,24 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+namespace AspNet.Security.OAuth.Nextcloud
+{
+    /// <summary>
+    /// Contains constants specific to the <see cref="NextcloudAuthenticationHandler"/>.
+    /// </summary>
+    public static class NextcloudAuthenticationConstants
+    {
+        public static class Claims
+        {
+            public const string Groups = "urn:nextcloud:groups";
+            public const string Username = "urn:nextcloud:username";
+            public const string DisplayName = "urn:nextcloud:displayname";
+            public const string IsEnabled = "urn:nextcloud:enabled";
+            public const string Language = "urn:nextcloud:language";
+            public const string Locale = "urn:nextcloud:locale";
+        }
+    }
+}

src/AspNet.Security.OAuth.Nextcloud/NextcloudAuthenticationDefaults.cs

@@ -0,0 +1,36 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using Microsoft.AspNetCore.Authentication;
+
+namespace AspNet.Security.OAuth.Nextcloud
+{
+    /// <summary>
+    /// Default values used by the Nextcloud authentication middleware.
+    /// </summary>
+    public static class NextcloudAuthenticationDefaults
+    {
+        /// <summary>
+        /// Default value for <see cref="AuthenticationScheme.Name"/>.
+        /// </summary>
+        public const string AuthenticationScheme = "Nextcloud";
+
+        /// <summary>
+        /// Default value for <see cref="AuthenticationScheme.DisplayName"/>.
+        /// </summary>
+        public const string DisplayName = "Nextcloud";
+
+        /// <summary>
+        /// Default value for <see cref="AuthenticationSchemeOptions.ClaimsIssuer"/>.
+        /// </summary>
+        public const string Issuer = "Nextcloud";
+
+        /// <summary>
+        /// Default value for <see cref="RemoteAuthenticationOptions.CallbackPath"/>.
+        /// </summary>
+        public const string CallbackPath = "/signin-nextcloud";
+    }
+}

src/AspNet.Security.OAuth.Nextcloud/NextcloudAuthenticationExtensions.cs

@@ -0,0 +1,76 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System;
+using AspNet.Security.OAuth.Nextcloud;
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+    /// <summary>
+    /// Extension methods to add Nextcloud authentication capabilities to an HTTP application pipeline.
+    /// </summary>
+    public static class NextcloudAuthenticationExtensions
+    {
+        /// <summary>
+        /// Adds <see cref="NextcloudAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables Nextcloud authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
+        public static AuthenticationBuilder AddNextcloud([NotNull] this AuthenticationBuilder builder)
+        {
+            return builder.AddNextcloud(NextcloudAuthenticationDefaults.AuthenticationScheme, options => { });
+        }
+
+        /// <summary>
+        /// Adds <see cref="NextcloudAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables Nextcloud authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <param name="configuration">The delegate used to configure the OpenID 2.0 options.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
+        public static AuthenticationBuilder AddNextcloud(
+            [NotNull] this AuthenticationBuilder builder,
+            [NotNull] Action<NextcloudAuthenticationOptions> configuration)
+        {
+            return builder.AddNextcloud(NextcloudAuthenticationDefaults.AuthenticationScheme, configuration);
+        }
+
+        /// <summary>
+        /// Adds <see cref="NextcloudAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables Nextcloud authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <param name="scheme">The authentication scheme associated with this instance.</param>
+        /// <param name="configuration">The delegate used to configure the Nextcloud options.</param>
+        /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+        public static AuthenticationBuilder AddNextcloud(
+            [NotNull] this AuthenticationBuilder builder, [NotNull] string scheme,
+            [NotNull] Action<NextcloudAuthenticationOptions> configuration)
+        {
+            return builder.AddNextcloud(scheme, NextcloudAuthenticationDefaults.DisplayName, configuration);
+        }
+
+        /// <summary>
+        /// Adds <see cref="NextcloudAuthenticationHandler"/> to the specified
+        /// <see cref="AuthenticationBuilder"/>, which enables Nextcloud authentication capabilities.
+        /// </summary>
+        /// <param name="builder">The authentication builder.</param>
+        /// <param name="scheme">The authentication scheme associated with this instance.</param>
+        /// <param name="caption">The optional display name associated with this instance.</param>
+        /// <param name="configuration">The delegate used to configure the Nextcloud options.</param>
+        /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+        public static AuthenticationBuilder AddNextcloud(
+            [NotNull] this AuthenticationBuilder builder,
+            [NotNull] string scheme, [CanBeNull] string caption,
+            [NotNull] Action<NextcloudAuthenticationOptions> configuration)
+        {
+            return builder.AddOAuth<NextcloudAuthenticationOptions, NextcloudAuthenticationHandler>(scheme, caption, configuration);
+        }
+    }
+}

src/AspNet.Security.OAuth.Nextcloud/NextcloudAuthenticationHandler.cs

@@ -0,0 +1,66 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Newtonsoft.Json.Linq;
+
+namespace AspNet.Security.OAuth.Nextcloud
+{
+    public class NextcloudAuthenticationHandler : OAuthHandler<NextcloudAuthenticationOptions>
+    {
+        public NextcloudAuthenticationHandler(
+            [NotNull] IOptionsMonitor<NextcloudAuthenticationOptions> options,
+            [NotNull] ILoggerFactory logger,
+            [NotNull] UrlEncoder encoder,
+            [NotNull] ISystemClock clock)
+            : base(options, logger, encoder, clock)
+        {
+        }
+
+        protected override async Task<AuthenticationTicket> CreateTicketAsync([NotNull] ClaimsIdentity identity,
+            [NotNull] AuthenticationProperties properties, [NotNull] OAuthTokenResponse tokens)
+        {
+            string userId = tokens.Response.Value<string>("user_id");
+            string userEndpoint = Options.UserInformationEndpoint.TrimEnd('/');
+            userEndpoint += $"/{Uri.EscapeUriString(userId)}";
+
+            var request = new HttpRequestMessage(HttpMethod.Get, userEndpoint);
+            request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
+            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
+
+            var response = await Backchannel.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, Context.RequestAborted);
+            if (!response.IsSuccessStatusCode)
+            {
+                Logger.LogError("An error occurred while retrieving the user profile: the remote server " +
+                                "returned a {Status} response with the following payload: {Headers} {Body}.",
+                                /* Status: */ response.StatusCode,
+                                /* Headers: */ response.Headers.ToString(),
+                                /* Body: */ await response.Content.ReadAsStringAsync());
+
+                throw new HttpRequestException("An error occurred while retrieving the user profile.");
+            }
+
+            var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
+
+            var principal = new ClaimsPrincipal(identity);
+            var context = new OAuthCreatingTicketContext(principal, properties, Context, Scheme, Options, Backchannel, tokens, payload);
+            context.RunClaimActions(payload);
+
+            await Options.Events.CreatingTicket(context);
+            return new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name);
+        }
+    }
+}

src/AspNet.Security.OAuth.Nextcloud/NextcloudAuthenticationOptions.cs

@@ -0,0 +1,66 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.Http;
+using Newtonsoft.Json.Linq;
+using static AspNet.Security.OAuth.Nextcloud.NextcloudAuthenticationConstants;
+
+namespace AspNet.Security.OAuth.Nextcloud
+{
+    public class NextcloudAuthenticationOptions : OAuthOptions
+    {
+        public NextcloudAuthenticationOptions()
+        {
+            ClaimsIssuer = NextcloudAuthenticationDefaults.Issuer;
+            CallbackPath = NextcloudAuthenticationDefaults.CallbackPath;
+
+            ClaimActions.MapCustomJson(ClaimTypes.NameIdentifier, user =>
+            {
+                return user["ocs"]?["data"]?.Value<string>("id");
+            });
+
+            ClaimActions.MapCustomJson(Claims.Username, user =>
+            {
+                return user["ocs"]?["data"]?.Value<string>("id");
+            });
+
+            ClaimActions.MapCustomJson(Claims.DisplayName, user =>
+            {
+                return user["ocs"]?["data"]?.Value<string>("displayname");
+            });
+
+            ClaimActions.MapCustomJson(ClaimTypes.Email, user =>
+            {
+                return user["ocs"]?["data"]?.Value<string>("email");
+            });
+
+            ClaimActions.MapCustomJson(Claims.Groups, user =>
+            {
+                var groups = (JArray)user["ocs"]?["data"]?["groups"];
+                return string.Join(",", groups.ToList());
+            });
+
+            ClaimActions.MapCustomJson(Claims.IsEnabled, user =>
+            {
+                return user["ocs"]?["data"]?.Value<string>("enabled");
+            });
+
+            ClaimActions.MapCustomJson(Claims.Language, user =>
+            {
+                return user["ocs"]?["data"]?.Value<string>("language");
+            });
+
+            ClaimActions.MapCustomJson(Claims.Locale, user =>
+            {
+                return user["ocs"]?["data"]?.Value<string>("locale");
+            });
+        }
+    }
+}