55using SmartStore . Plugin . ExternalAuth . Facebook . Models ;
66using SmartStore . Services . Authentication . External ;
77using SmartStore . Services . Configuration ;
8+ using SmartStore . Services . Security ;
89using SmartStore . Web . Framework ;
910using SmartStore . Web . Framework . Controllers ;
1011
@@ -19,26 +20,32 @@ public class ExternalAuthFacebookController : Controller
1920 private readonly IOpenAuthenticationService _openAuthenticationService ;
2021 private readonly ExternalAuthenticationSettings _externalAuthenticationSettings ;
2122 private readonly IStoreContext _storeContext ;
23+ private readonly IPermissionService _permissionService ;
2224
2325 public ExternalAuthFacebookController ( ISettingService settingService ,
2426 FacebookExternalAuthSettings facebookExternalAuthSettings ,
2527 IOAuthProviderFacebookAuthorizer oAuthProviderFacebookAuthorizer ,
2628 IOpenAuthenticationService openAuthenticationService ,
2729 ExternalAuthenticationSettings externalAuthenticationSettings ,
28- IStoreContext storeContext )
30+ IStoreContext storeContext ,
31+ IPermissionService permissionService )
2932 {
3033 this . _settingService = settingService ;
3134 this . _facebookExternalAuthSettings = facebookExternalAuthSettings ;
3235 this . _oAuthProviderFacebookAuthorizer = oAuthProviderFacebookAuthorizer ;
3336 this . _openAuthenticationService = openAuthenticationService ;
3437 this . _externalAuthenticationSettings = externalAuthenticationSettings ;
3538 this . _storeContext = storeContext ;
39+ this . _permissionService = permissionService ;
3640 }
3741
3842 [ AdminAuthorize ]
3943 [ ChildActionOnly ]
4044 public ActionResult Configure ( )
4145 {
46+ if ( ! _permissionService . Authorize ( StandardPermissionProvider . ManageExternalAuthenticationMethods ) )
47+ return Content ( "Access denied" ) ;
48+
4249 var model = new ConfigurationModel ( ) ;
4350 model . ClientKeyIdentifier = _facebookExternalAuthSettings . ClientKeyIdentifier ;
4451 model . ClientSecret = _facebookExternalAuthSettings . ClientSecret ;
@@ -51,6 +58,9 @@ public ActionResult Configure()
5158 [ ChildActionOnly ]
5259 public ActionResult Configure ( ConfigurationModel model )
5360 {
61+ if ( ! _permissionService . Authorize ( StandardPermissionProvider . ManageExternalAuthenticationMethods ) )
62+ return Content ( "Access denied" ) ;
63+
5464 if ( ! ModelState . IsValid )
5565 return Configure ( ) ;
5666
@@ -68,8 +78,8 @@ public ActionResult PublicInfo()
6878 return View ( "SmartStore.Plugin.ExternalAuth.Facebook.Views.ExternalAuthFacebook.PublicInfo" ) ;
6979 }
7080
71-
72- public ActionResult Login ( string returnUrl )
81+ [ NonAction ]
82+ private ActionResult LoginInternal ( string returnUrl , bool verifyResponse )
7383 {
7484 var processor = _openAuthenticationService . LoadExternalAuthenticationMethodBySystemName ( "ExternalAuth.Facebook" ) ;
7585 if ( processor == null ||
@@ -82,7 +92,7 @@ public ActionResult Login(string returnUrl)
8292 var viewModel = new LoginModel ( ) ;
8393 TryUpdateModel ( viewModel ) ;
8494
85- var result = _oAuthProviderFacebookAuthorizer . Authorize ( returnUrl ) ;
95+ var result = _oAuthProviderFacebookAuthorizer . Authorize ( returnUrl , verifyResponse ) ;
8696 switch ( result . AuthenticationStatus )
8797 {
8898 case OpenAuthenticationStatus . Error :
@@ -117,5 +127,15 @@ public ActionResult Login(string returnUrl)
117127 if ( result . Result != null ) return result . Result ;
118128 return HttpContext . Request . IsAuthenticated ? new RedirectResult ( ! string . IsNullOrEmpty ( returnUrl ) ? returnUrl : "~/" ) : new RedirectResult ( Url . LogOn ( returnUrl ) ) ;
119129 }
120- }
130+
131+ public ActionResult Login ( string returnUrl )
132+ {
133+ return LoginInternal ( returnUrl , false ) ;
134+ }
135+
136+ public ActionResult LoginCallback ( string returnUrl )
137+ {
138+ return LoginInternal ( returnUrl , true ) ;
139+ }
140+ }
121141}
0 commit comments