Include updates from halter73/BlazorWebIdentity#2

Author: halter73

src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/.template.config/template.json

@@ -114,7 +114,9 @@
           "condition": "(!IndividualLocalAuth)",
           "exclude": [
             "BlazorWeb-CSharp/Components/Pages/Account/**",
+            "BlazorWeb-CSharp/Components/Identity/**",
             "BlazorWeb-CSharp/Data/**",
+            "BlazorWeb-CSharp/Identity/**",
             "BlazorWeb-CSharp/PersistingAuthenticationStateProvider.cs",
             "BlazorWeb-CSharp.Client/PersistedAuthenticationStateProvider.cs",
             "BlazorWeb-CSharp.Client/UserInfo.cs",

src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Identity/ExternalLoginPicker.razor

@@ -0,0 +1,46 @@
+@using Microsoft.AspNetCore.Authentication
+@using Microsoft.AspNetCore.Identity
+@using BlazorWeb_CSharp.Components.Pages.Account
+@using BlazorWeb_CSharp.Data
+
+@inject SignInManager<ApplicationUser> SignInManager
+@inject NavigationManager NavigationManager
+
+@if ((_externalLogins?.Count ?? 0) == 0)
+{
+    <div>
+        <p>
+            There are no external authentication services configured. See this <a href="https://go.microsoft.com/fwlink/?LinkID=532715">article
+            about setting up this ASP.NET application to support logging in via external services</a>.
+        </p>
+    </div>
+}
+else
+{
+    <form id="external-account" class="form-horizontal" action="/Account/PerformExternalLogin" method="post">
+        <div>
+            <AntiforgeryToken />
+            <input type="hidden" name="ReturnUrl" value="@ReturnUrl" />
+            <p>
+                @foreach (var provider in _externalLogins!)
+                {
+                    <button type="submit" class="btn btn-primary" name="provider" value="@provider.Name" title="Log in using your @provider.DisplayName account">@provider.DisplayName</button>
+                }
+            </p>
+        </div>
+    </form>
+}
+
+@code {
+    private IList<AuthenticationScheme>? _externalLogins;
+
+    [SupplyParameterFromQuery]
+    private string ReturnUrl { get; set; } = default!;
+
+    protected override async Task OnInitializedAsync()
+    {
+        ReturnUrl ??= "/";
+
+        _externalLogins = (await SignInManager.GetExternalAuthenticationSchemesAsync()).ToList();
+    }
+}

src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Identity/StatusMessage.razor

@@ -0,0 +1,20 @@
+@{
+    var message = Message ?? MessageFromQuery;
+}
+
+@if (!string.IsNullOrEmpty(message))
+{
+    var statusMessageClass = message.StartsWith("Error") ? "danger" : "success";
+    <div class="alert alert-@statusMessageClass alert-dismissible" role="alert">
+        <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+        @message
+    </div>
+}
+
+@code {
+    [Parameter]
+    public string? Message { get; set; }
+
+    [SupplyParameterFromQuery(Name = "Message")]
+    public string? MessageFromQuery { get; set; }
+}

src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Pages/Account/ConfirmEmail.razor

@@ -26,7 +26,7 @@
     {
         if (UserId == null || Code == null)
         {
-            NavigationManager.NavigateTo("/");
+            NavigationManager.RedirectTo("/");
         }
         else
         {

src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Pages/Account/ConfirmEmailChange.razor

@@ -0,0 +1,64 @@
+@page "/Account/ConfirmEmailChange"
+
+@using System.Text
+@using Microsoft.AspNetCore.Identity
+@using Microsoft.AspNetCore.WebUtilities
+@using BlazorWeb_CSharp.Data
+
+@inject UserManager<ApplicationUser> UserManager
+@inject SignInManager<ApplicationUser> SignInManager
+@inject UserAccessor UserAccessor
+@inject NavigationManager NavigationManager
+
+<PageTitle>Confirm email change</PageTitle>
+
+<h1>Confirm email change</h1>
+
+<StatusMessage Message="@_message" />
+
+@code {
+    private string? _message;
+    private ApplicationUser _user = default!;
+
+    [SupplyParameterFromQuery]
+    private string? UserId { get; set; }
+
+    [SupplyParameterFromQuery]
+    private string? Email { get; set; }
+
+    [SupplyParameterFromQuery]
+    private string? Code { get; set; }
+
+    protected override async Task OnInitializedAsync()
+    {
+        if (UserId is null || Email is null || Code is null)
+        {
+            NavigationManager.RedirectTo(
+                "/Account/Login",
+                new() { ["Message"] = "Error: Invalid email change confirmation link." });
+            return;
+        }
+
+        _user = await UserAccessor.GetRequiredUserAsync();
+
+        var code = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(Code));
+        var result = await UserManager.ChangeEmailAsync(_user, Email, code);
+        if (!result.Succeeded)
+        {
+            _message = "Error changing email.";
+            return;
+        }
+
+        // In our UI email and user name are one and the same, so when we update the email
+        // we need to update the user name.
+        var setUserNameResult = await UserManager.SetUserNameAsync(_user, Email);
+        if (!setUserNameResult.Succeeded)
+        {
+            _message = "Error changing user name.";
+            return;
+        }
+
+        await SignInManager.RefreshSignInAsync(_user);
+        _message = "Thank you for confirming your email change.";
+    }
+}

src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Pages/Account/ExternalLogin.razor

@@ -0,0 +1,215 @@
+@page "/Account/ExternalLogin"
+
+@using System.ComponentModel.DataAnnotations
+@using System.Security.Claims
+@using System.Text
+@using System.Text.Encodings.Web
+@using Microsoft.AspNetCore.Identity
+@using Microsoft.AspNetCore.Identity.UI.Services
+@using Microsoft.AspNetCore.WebUtilities
+@using BlazorWeb_CSharp.Data
+
+@inject SignInManager<ApplicationUser> SignInManager
+@inject UserManager<ApplicationUser> UserManager
+@inject IUserStore<ApplicationUser> UserStore
+@inject IEmailSender EmailSender
+@inject NavigationManager NavigationManager
+@inject ILogger<ExternalLogin> Logger
+
+@{
+    var providerDisplayName = _externalLoginInfo.ProviderDisplayName;
+}
+
+<PageTitle>Register</PageTitle>
+
+<StatusMessage Message="@_message" />
+<h1>Register</h1>
+<h2 id="external-login-title">Associate your @providerDisplayName account.</h2>
+<hr />
+
+<p id="external-login-description" class="text-info">
+    You've successfully authenticated with <strong>@providerDisplayName</strong>.
+    Please enter an email address for this site below and click the Register button to finish
+    logging in.
+</p>
+
+<div class="row">
+    <div class="col-md-4">
+        <EditForm id="confirmation-form" Model="Input" OnValidSubmit="OnValidSubmitAsync" FormName="confirmation" method="post">
+            <DataAnnotationsValidator />
+            <ValidationSummary />
+            <div class="form-floating mb-3">
+                <InputText id="email" @bind-Value="Input.Email" class="form-control" autocomplete="email" placeholder="Please enter your email." />
+                <label for="email" class="form-label">Email</label>
+                <ValidationMessage For="() => Input.Email" />
+            </div>
+            <button type="submit" class="w-100 btn btn-lg btn-primary">Register</button>
+        </EditForm>
+    </div>
+</div>
+
+@code {
+    public const string LoginCallbackAction = "LoginCallback";
+
+    private string? _message;
+    private ExternalLoginInfo _externalLoginInfo = default!;
+    private IUserEmailStore<ApplicationUser> _emailStore = default!;
+
+    [SupplyParameterFromQuery]
+    private string? RemoteError { get; set; }
+
+    [CascadingParameter]
+    public HttpContext HttpContext { get; set; } = default!;
+
+    [SupplyParameterFromForm]
+    private InputModel Input { get; set; } = default!;
+
+    [SupplyParameterFromQuery]
+    private string ReturnUrl { get; set; } = default!;
+
+    [SupplyParameterFromQuery]
+    private string? Action { get; set; } = default!;
+
+    protected override async Task OnInitializedAsync()
+    {
+        Input ??= new();
+        ReturnUrl ??= "/";
+
+        if (RemoteError is not null)
+        {
+            NavigationManager.RedirectTo(
+                "/Account/Login",
+                new() { ["Message"] = "Error from external provider: " + RemoteError });
+            return;
+        }
+
+        var externalLoginInfo = await SignInManager.GetExternalLoginInfoAsync();
+        if (externalLoginInfo is null)
+        {
+            NavigationManager.RedirectTo(
+                "/Account/Login",
+                new() { ["Message"] = "Error loading external login information." });
+            return;
+        }
+
+        _externalLoginInfo = externalLoginInfo;
+        _emailStore = GetEmailStore();
+
+        if (HttpMethods.IsGet(HttpContext.Request.Method))
+        {
+            if (Action == LoginCallbackAction)
+            {
+                await OnLoginCallbackAsync();
+                return;
+            }
+
+            // We should only reach this page via the login callback, so redirect back to
+            // the login page if we get here some other way.
+            NavigationManager.RedirectTo("/Account/Login");
+            return;
+        }
+    }
+
+    private async Task OnLoginCallbackAsync()
+    {
+        // Sign in the user with this external login provider if the user already has a login.
+        var result = await SignInManager.ExternalLoginSignInAsync(
+            _externalLoginInfo.LoginProvider,
+            _externalLoginInfo.ProviderKey,
+            isPersistent: false,
+            bypassTwoFactor: true);
+        if (result.Succeeded)
+        {
+            Logger.LogInformation(
+                "{Name} logged in with {LoginProvider} provider.",
+                _externalLoginInfo.Principal.Identity?.Name,
+                _externalLoginInfo.LoginProvider);
+            NavigationManager.RedirectTo(ReturnUrl);
+            return;
+        }
+
+        if (result.IsLockedOut)
+        {
+            NavigationManager.RedirectTo("/Account/Lockout");
+            return;
+        }
+
+        // If the user does not have an account, then ask the user to create an account.
+        if (_externalLoginInfo.Principal.HasClaim(c => c.Type == ClaimTypes.Email))
+        {
+            Input.Email = _externalLoginInfo.Principal.FindFirstValue(ClaimTypes.Email);
+        }
+    }
+
+    private async Task OnValidSubmitAsync()
+    {
+        var user = CreateUser();
+
+        await UserStore.SetUserNameAsync(user, Input.Email, CancellationToken.None);
+        await _emailStore.SetEmailAsync(user, Input.Email, CancellationToken.None);
+
+        var result = await UserManager.CreateAsync(user);
+        if (result.Succeeded)
+        {
+            result = await UserManager.AddLoginAsync(user, _externalLoginInfo);
+            if (result.Succeeded)
+            {
+                Logger.LogInformation("User created an account using {Name} provider.", _externalLoginInfo.LoginProvider);
+
+                var userId = await UserManager.GetUserIdAsync(user);
+                var code = await UserManager.GenerateEmailConfirmationTokenAsync(user);
+                code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));
+
+                var callbackUrl = NavigationManager.GetUriWithQueryParameters(
+                    $"{NavigationManager.BaseUri}Account/ConfirmEmail",
+                    new Dictionary<string, object?> { { "userId", userId }, { "code", code } });
+                await EmailSender.SendEmailAsync(Input.Email!, "Confirm your email",
+                    $"Please confirm your account by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>.");
+
+                // If account confirmation is required, we need to show the link if we don't have a real email sender
+                if (UserManager.Options.SignIn.RequireConfirmedAccount)
+                {
+                    NavigationManager.RedirectTo("/Account/RegisterConfirmation", new() { ["Email"] = Input.Email });
+                    return;
+                }
+
+                await SignInManager.SignInAsync(user, isPersistent: false, _externalLoginInfo.LoginProvider);
+                NavigationManager.RedirectTo(ReturnUrl);
+                return;
+            }
+        }
+        else
+        {
+            _message = $"Error: {string.Join(",", result.Errors.Select(error => error.Description))}";
+        }
+    }
+
+    private ApplicationUser CreateUser()
+    {
+        try
+        {
+            return Activator.CreateInstance<ApplicationUser>();
+        }
+        catch
+        {
+            throw new InvalidOperationException($"Can't create an instance of '{nameof(ApplicationUser)}'. " +
+                $"Ensure that '{nameof(ApplicationUser)}' is not an abstract class and has a parameterless constructor");
+        }
+    }
+
+    private IUserEmailStore<ApplicationUser> GetEmailStore()
+    {
+        if (!UserManager.SupportsUserEmail)
+        {
+            throw new NotSupportedException("The default UI requires a user store with email support.");
+        }
+        return (IUserEmailStore<ApplicationUser>)UserStore;
+    }
+
+    private sealed class InputModel
+    {
+        [Required]
+        [EmailAddress]
+        public string? Email { get; set; }
+    }
+}

src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Pages/Account/ForgotPassword.razor

@@ -43,7 +43,7 @@
         if (user is null || !(await UserManager.IsEmailConfirmedAsync(user)))
         {
             // Don't reveal that the user does not exist or is not confirmed
-            NavigationManager.NavigateTo("/Account/ForgotPasswordConfirmation");
+            NavigationManager.RedirectTo("/Account/ForgotPasswordConfirmation");
             return;
         }
 
@@ -52,15 +52,15 @@
         var code = await UserManager.GeneratePasswordResetTokenAsync(user);
         code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));
         var callbackUrl = NavigationManager.GetUriWithQueryParameters(
-            $"{NavigationManager.BaseUri}Identity/Account/ResetPassword",
+            $"{NavigationManager.BaseUri}Account/ResetPassword",
             new Dictionary<string, object?> { { "code", code } });
 
         await EmailSender.SendEmailAsync(
             Input.Email,
             "Reset Password",
             $"Please reset your password by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>.");
 
-        NavigationManager.NavigateTo("/Account/ForgotPasswordConfirmation");
+        NavigationManager.RedirectTo("/Account/ForgotPasswordConfirmation");
     }
 
     private sealed class InputModel